[squid-users] FTP interrupted

Eliezer Croitoru eliezer at ngtech.co.il
Wed Nov 23 14:44:53 UTC 2016


What OS are you using?
Maybe I have a ready to go binary for the one you are using.

Eliezer

----
Eliezer Croitoru <http://ngtech.co.il/lmgtfy/> 
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
 

From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On
Behalf Of ludek_coufal
Sent: Wednesday, November 23, 2016 11:17
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] FTP interrupted

Hello Garri,
Thank you for explaining Squid and FTP.
1. The read_timeout directive works OK
2. I will upgrade Squid to ver. 3.5 sometime

Thank You
Ludek


---------- Original message ----------
From: Garri Djavadyan <garryd at comnet.uz>
To: squid-users at lists.squid-cache.org
Date: 23. 11. 2016 7:58:09
Subject: Re: [squid-users] FTP interrupted

On Wed, 2016-11-23 at 07:17 +0100, ludek_coufal wrote:
> Hello Garri,
> client FTP - Total Commander (I tested WinSCP and FileZilla with the
> same result - after 15 min the connection is interrupted) with proxy
> server - proxy server HTTP with FTP support:
> part of squid.conf:
> ***************************************************************************************
> acl SSL_ports port 21
> acl SSL_ports port 1024-65535
> acl SSL_ports port 443
> acl SSL_ports port 8443
> acl SSL_ports port 6400
> acl Safe_ports port 80  # http
> acl Safe_ports port 21  # ftp
> acl Safe_ports port 443  # https
> acl Safe_ports port 70  # gopher
> acl Safe_ports port 210  # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280  # http-mgmt
> acl Safe_ports port 488  # gss-http
> acl Safe_ports port 591  # filemaker
> acl Safe_ports port 777  # multiling http
> acl CONNECT method CONNECT
> acl FTP proto FTP
> always_direct allow FTP
> 
> http_access deny !Safe_ports
> # Deny CONNECT to other than secure SSL ports
> http_access deny CONNECT !SSL_ports
> # Only allow cachemgr access from localhost
> http_access allow localhost manager
> http_access deny manager
> 
> ###############
> # http_access deny localnet !bandwidth_auth
> ###############
> http_access allow localhost
> 
> # And finally deny all other access to this proxy
> http_access deny all
> # Squid normally listens to port 3128
> #http_port 3128 transparent
> http_port 3128
> ftp_port 21
> # Uncomment and adjust the following to add a disk cache directory.
> #cache_dir ufs /var/log/squid/cache 100 16 256
> # Leave coredumps in the first cache dir
> coredump_dir /var/log/squid/cache
> #
> # Add any of your own refresh_pattern entries above these.
> #
> refresh_pattern ^ftp:  1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern .  0 20% 4320
> logfile_rotate 2
> *************************************************************************
> When I add ftp_port 21 in squid.conf and proxy.reload I get this
> message:
> /etc/squid/squid.conf:129 unrecognized: 'ftp_port'
> I found this: http://www.squid-cache.org/Doc/config/ftp_port/
> Our version is Squid Cache ver. 3.3.8

Hi Ludek,

With the above config, your FTP clients use the CONNECT method. Squid
simply tunnels connections from the FTP client to the FTP server. When
you upload a file over the FTP data channel, the FTP control channel is
idle and Squid terminates the control connection after 15 minutes [1] by
default. It is because Squid doesn't know about the relation between the
tunneled control channel and the data channel. You can try to increase
the default timeout. But a more elegant solution is to use the FTP relay
function (ftp_port).

The ftp_port directive is only available in Squid-3.5 and above. You
should upgrade Squid to the latest 3.5.22 as Eliezer already advised you.

When you configure ftp_port, in Filezilla you should disable
connection->generic proxy and enable connection->ftp->ftp proxy with
the following settings:

Type: custom
---
USER %u@%h
PASS %p
---
Proxy host: Squid's IP address


[1] http://www.squid-cache.org/Doc/config/read_timeout/


Garri
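
Added example, not part of the original thread and not Squid's own tooling: a small Python check that reads a squid.conf and reports the facts the explanation above turns on, namely whether CONNECT to port 21 is permitted through SSL_ports, the effective read_timeout (15 minutes when unset), and whether ftp_port would be rejected by the running version. The `audit` function, its result keys and the embedded sample lines are assumptions made for illustration.

```python
import re

# Constructed sample: a few lines taken from the squid.conf quoted in the thread.
SAMPLE_CONF = """\
acl SSL_ports port 21
acl SSL_ports port 1024-65535
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
ftp_port 21
"""

UNIT_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}
DEFAULT_READ_TIMEOUT = 15 * 60  # default cited in the thread: 15 minutes


def audit(conf, version):
    """Return facts about how this config and Squid version treat FTP."""
    ports, timeout, ftp_port = [], DEFAULT_READ_TIMEOUT, False
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not line:
            continue
        if line[:3] == ["acl", "SSL_ports", "port"]:
            for spec in line[3:]:
                lo, _, hi = spec.partition("-")
                ports.append((int(lo), int(hi or lo)))
        elif line[0] == "read_timeout" and len(line) == 3:
            # only the units in UNIT_SECONDS are handled in this sketch
            timeout = int(line[1]) * UNIT_SECONDS[line[2].rstrip("s")]
        elif line[0] == "ftp_port":
            ftp_port = True
    major_minor = tuple(int(x) for x in re.findall(r"\d+", version)[:2])
    relay_ok = major_minor >= (3, 5)  # ftp_port needs Squid 3.5 or later
    return {
        "connect_ports": sorted(ports),
        "connect_to_21_allowed": any(lo <= 21 <= hi for lo, hi in ports),
        "idle_cutoff_seconds": timeout,
        "ftp_port_rejected": ftp_port and not relay_ok,
        "widest_connect_range": max((hi - lo + 1 for lo, hi in ports), default=0),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONF, "3.3.8").items():
        print(f"{key}: {value}")
```

A large `widest_connect_range` means the SSL_ports ACL lets CONNECT tunnel to most unprivileged ports, which is worth narrowing once FTP goes through ftp_port instead of CONNECT.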