[squid-users] FTP interrupted

ludek_coufal ludek_coufal at email.cz
Wed Nov 23 06:17:52 UTC 2016


Hello Garri,

client FTP - Total Commander (I test WinSCP, FileZilla with same result - 
after 15 min connection interrupted) with proxy server - proxy server HTTP 
with FTP support:

part of squid.conf:

****************************************************************************
***********

acl SSL_ports port 21
acl SSL_ports port 1024-65535

acl SSL_ports port 443
acl SSL_ports port 8443
acl SSL_ports port 6400

acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443  # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210  # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280  # http-mgmt
acl Safe_ports port 488  # gss-http
acl Safe_ports port 591  # filemaker
acl Safe_ports port 777  # multiling http


acl CONNECT method CONNECT

acl FTP proto FTP
always_direct allow FTP


http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager




###############
# http_access deny localnet !bandwidth_auth
###############

http_access allow localhost




# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
#http_port 3128 transparent
http_port 3128

ftp_port 21

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/log/squid/cache 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/log/squid/cache

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:  1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern .  0 20% 4320

logfile_rotate 2 

*************************************************************************

When I add ftp_port 21 in squid.conf and proxy.reload I get this message:

/etc/squid/squid.conf:129 unrecognized: 'ftp_port'

I found this: http://www.squid-cache.org/Doc/config/ftp_port/

Our version is  Squid Cache ver. 3.3.8







Thank You

Ludek







---------- Původní zpráva ----------
Od: Garri Djavadyan <garryd at comnet.uz>
Komu: squid-users at lists.squid-cache.org
Datum: 22. 11. 2016 19:18:35
Předmět: Re: [squid-users] FTP interrupted

"On 2016-11-22 22:24, Garri Djavadyan wrote:
> On 2016-11-22 17:05, ludek_coufal wrote:
>> Hello,
>> Squid Cache ver. 3.3.8 on CentOs Linux 7.2.1511
>> 
>> FTP connection from local net over linux server CentOs firewall with
>> Squid proxy to internet FTP server is interrupted every 15 min (900
>> sec).
>> Large file upload is interrupted.
>> Direct connection without Squid proxy work OK.
> 
> Hi,
> 
> The issue may occur, if FTP client uses CONNECT method to connect to
> remote FTP servers. You can find details in the following thread:
> 
> http://www.squid-cache.org/mail-archive/squid-users/200609/0111.html

If your FTP client connects to Squid's http_port then it uses CONNECT 
method. To solve the problem try to use ftp_port and disable proxy 
settings on FTP client.
For example:

1. Configure ftp_port.
# diff etc/squid.conf.default etc/squid.conf
59a60
> ftp_port 21

2. Connect from FTP client, where:
${squid_ip} - Squid's IP address
${squid_ftp_port} - configured ftp_port
${username} - username on remote FTP server
${ftp_server} - remote FTP server name/IP
${password} - password for remote FTP server

$ ftp ${squid_ip} ${squid_ftp_port}
Connected to localhost.localdomain.
220 Service ready
Name (localhost:garry): ${username}@${ftp_server}
530 Must login first
530 Must login first
SSL not available
331 Please specify the password.
Password: ${password}
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>


Garri
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161123/56f77dc3/attachment.html>


More information about the squid-users mailing list