[squid-users] FTP : Squid sending private IP in PASV response

Gael Ancelin gaela at ace-service.fr
Thu Oct 20 14:07:17 UTC 2016


Hello,

I have searched the mailing list archives but so far have not seen anyone with the
same problem.

My Squid's objective is to forward FTP & HTTP requests to a distant server.

Squid is running on CentOS 7.2.
uname -r : 3.10.0-327.28.3.el7.x86_64
squid -v : Version 3.5.20


I don't have the choice to use anything but Squid, and I can't use firewall
rules to forward ports directly.


WAN_1stPublic_IP ----------------------------[FIREWALL_1] -----[FTP_SERVER]

WAN_2ndPublic_IP ---[FIREWALL_2]--[SQUID]-----[VPN]-----[FTP_SERVER]


Here's my problem:
When I connect via FTP to the 2nd public IP, everything is OK, but when I
want to switch to passive mode, Squid sends its own private IP instead of
the 2nd public IP. So the connection timed out.


ftp> open <WAN 2ndPublic IP>
Connected to <WAN 2ndPublic IP> (<WAN 2ndPublic IP>).
220 Service ready
Name (<WAN 2ndPublic IP>:<user>): <login>
---> USER <login>
331 Please specify the password.
Password:
---> PASS XXXX
230 Login successful.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
---> PWD
257 "/"
ftp> ls
---> PASV
227 Entering Passive Mode (<SQUID Private IP>,<port>).
ftp: connect: Connexion terminée par expiration du délai d'attente


Is there a way to "force" Squid to resend its public IP?
I'm thinking of something like the "pasv_address" option in vsftpd, but for Squid.

Gaël Ancelin