[squid-users] FTP interrupted

ludek_coufal ludek_coufal at email.cz
Wed Nov 23 09:16:39 UTC 2016


Hello Garri,

Thank you for explaining Squid and FTP.

1. Directive read_timeout works OK

2. I will sometime upgrade Squid to ver. 3.5

Thank You

Ludek

---------- Original message ----------
From: Garri Djavadyan <garryd at comnet.uz>
To: squid-users at lists.squid-cache.org
Date: 23. 11. 2016 7:58:09
Subject: Re: [squid-users] FTP interrupted

"On Wed, 2016-11-23 at 07:17 +0100, ludek_coufal wrote:
> Hello Garri,
> client FTP - Total Commander (I test WinSCP, FileZilla with same
> result - after 15 min connection interrupted) with proxy server -
> proxy server HTTP with FTP support:
> part of squid.conf:
> ***************************************************************************************
> acl SSL_ports port 21
> acl SSL_ports port 1024-65535
> acl SSL_ports port 443
> acl SSL_ports port 8443
> acl SSL_ports port 6400
> acl Safe_ports port 80  # http
> acl Safe_ports port 21  # ftp
> acl Safe_ports port 443  # https
> acl Safe_ports port 70  # gopher
> acl Safe_ports port 210  # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280  # http-mgmt
> acl Safe_ports port 488  # gss-http
> acl Safe_ports port 591  # filemaker
> acl Safe_ports port 777  # multiling http
> acl CONNECT method CONNECT
> acl FTP proto FTP
> always_direct allow FTP
> 
> http_access deny !Safe_ports
> # Deny CONNECT to other than secure SSL ports
> http_access deny CONNECT !SSL_ports
> # Only allow cachemgr access from localhost
> http_access allow localhost manager
> http_access deny manager
> 
> ###############
> # http_access deny localnet !bandwidth_auth
> ###############
> http_access allow localhost
> 
> # And finally deny all other access to this proxy
> http_access deny all
> # Squid normally listens to port 3128
> #http_port 3128 transparent
> http_port 3128
> ftp_port 21
> # Uncomment and adjust the following to add a disk cache directory.
> #cache_dir ufs /var/log/squid/cache 100 16 256
> # Leave coredumps in the first cache dir
> coredump_dir /var/log/squid/cache
> #
> # Add any of your own refresh_pattern entries above these.
> #
> refresh_pattern ^ftp:  1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern .  0 20% 4320
> logfile_rotate 2
> *************************************************************************
> When I add ftp_port 21 in squid.conf and proxy.reload I get this
> message:
> /etc/squid/squid.conf:129 unrecognized: 'ftp_port'
> I found this: http://www.squid-cache.org/Doc/config/ftp_port/
> Our version is  Squid Cache ver. 3.3.8

Hi Ludek,

With the above config, your FTP clients use CONNECT methods. Squid
simply tunnels connections from the FTP client to the FTP server. When
you upload a file over the FTP data channel, the FTP control channel is
idle and Squid terminates the control connection after 15 minutes [1]
by default. It is because Squid doesn't know about relations between
the tunneled control channel and the data channel. You can try to
increase the default timeout. But a more elegant solution is to use the
FTP relay function (ftp_port).

The ftp_port directive is only available in Squid-3.5 and above. You
should upgrade Squid to the latest 3.5.22 as Eliezer already advised you.

When you configure ftp_port, in Filezilla you should disable
connection->generic proxy and enable connection->ftp->ftp proxy with
the following settings:

Type: custom
---
USER %u@%h
PASS %p
---
Proxy host: Squid's IP address


[1] http://www.squid-cache.org/Doc/config/read_timeout/


Garri
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users"
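
Added example, not part of the original thread and not Squid's own code: a small Python check that models the two points from the reply above, namely that a CONNECT-tunnelled FTP control channel is closed once it has been idle for read_timeout (15 minutes by default), and that ftp_port is rejected by Squid older than 3.5. The sample config, the function names and the 3-hour transfer are constructed; treating a bare number as seconds and stripping everything after `#` are simplifying assumptions.

```python
# Squid's default read_timeout (the 15 minutes mentioned in the thread).
DEFAULT_READ_TIMEOUT = 15 * 60
UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}

# Constructed sample, loosely based on the squid.conf excerpt quoted above.
SAMPLE_CONF = """\
acl SSL_ports port 21
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
# read_timeout 15 minutes
read_timeout 2 hours
ftp_port 21
"""

def directives(conf):
    """Yield (line_no, name, args) for each active squid.conf line."""
    for no, line in enumerate(conf.splitlines(), 1):
        words = line.split("#", 1)[0].split()  # assumption: '#' starts a comment
        if words:
            yield no, words[0], words[1:]

def read_timeout_seconds(conf):
    """Effective read_timeout in seconds; a later line overrides an earlier one."""
    value = DEFAULT_READ_TIMEOUT
    for _, name, args in directives(conf):
        if name == "read_timeout" and args:
            # Assumption: a bare number means seconds.
            unit = args[1].rstrip("s") if len(args) > 1 else "second"
            value = int(args[0]) * UNITS[unit]
    return value

def check(conf, version, transfer_seconds):
    """Findings for a tunnelled FTP transfer that keeps the control channel idle."""
    findings = []
    major_minor = tuple(int(p) for p in version.split(".")[:2])
    for no, name, _ in directives(conf):
        if name == "ftp_port" and major_minor < (3, 5):
            findings.append(f"line {no}: ftp_port needs Squid 3.5 or later")
    timeout = read_timeout_seconds(conf)
    if transfer_seconds >= timeout:
        findings.append(f"idle control channel closed after {timeout}s")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE_CONF, "3.3.8", 3 * 3600):
        print(finding)
```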