[squid-users] squid ftp-proxy

Amos Jeffries squid3 at treenet.co.nz
Sat Apr 9 04:37:22 UTC 2016

On 5/04/2016 9:08 p.m., Axel.Eberhardt at t-systems.com wrote:
> Hello,
> Maybe someone can give me a hint :-)
> I try to enable the Native ftp proxying.
> The documentation I have found is:
> http://wiki.squid-cache.org/Features/FtpRelay
> But there is no example for this. Also in the Mail Archives I was not able to find a hint.
> I have configured the ftp proxy with parameter:
> 	ftp_port 21

AFAIK that port is intended either for use as above when the Squid IP
address or hostname is given to the client FTP tool as the FTP server
 Or when intercepting port 21 traffic - with the 'intercept' option on
the port config line.

It is still a new / experimental and rarely used feature so YMMV.

> Version:
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> squid -v
> Squid Cache: Version 3.5.15
> Service Name: squid
> configure options:  '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--verbose' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam,fake' '--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP,eDirectory' '--enable-auth-negotiate=kerberos,wrapper' '--enable-external-acl-helpers=wbinfo_group,kerberos_ldap_group,LDAP_group,delayer,file_user
ip,SQL_session,unix_group,session,time_quota' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-storeio=aufs,diskd,ufs,rock' '--enable-wccpv2' '--enable-esi' '--enable-ssl-crtd' '--enable-icmp' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl' '--with-pthreads' '--with-included-ltdl' '--disable-arch-native' '--enable-ecap' '--without-nettle' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune
=generic -fPIC' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' --enable-ltdl-convenience
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Now my problem.
> I am able to connect via ftp client to the squid.
> Also the login will be correct:	
> 	example:  anonymous at ftp.informatik.rwth-aachen.de
> But after a command which use a data channel the connection fails:
> 	421 Service not available, remote server has closed connection
> I try a tcpdump but I cannot find a failure. 
> The only different between a native ftp session and a connection over the squid is a missing TCP ACK after the last ftp data package. 

Um, missing ACK on which of the four connections involved?
  and from which of the three software involved?


More information about the squid-users mailing list