[squid-users] Native FTP relay: connection closes (?) after 'cannot assign requested address' error

Alexander goal81 at gmail.com
Fri Jan 20 08:40:16 UTC 2017


Hello, I have a question regarding a native FTP relay (squid's version is
3.5.23).

I've tried to test this feature like this:

[Filezilla Client, 1.1.1.2] <-----> [ Router: iptables + squid ] <-----> [vsftpd server, 5.5.5.10]

The router is a CentOS 6.5 machine. Firewall settings are:

ip route flush table 100
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 0x01/0x01
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 21 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 2121
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3128

No other rules are defined and the default policy for INPUT/OUTPUT/FORWARD is
ACCEPT. The rp_filter is disabled.

Squid's configuration file is attached.

With HTTP everything works fine; however, FTP causes a problem. A client
successfully connects and authenticates, but when it tries to execute LIST
or RETR (when a data connection should be established), Filezilla says
"Connection closed by server". Meanwhile squid says the following:

commBind: Cannot bind socket FD 17 to 1.1.1.2: (99) Cannot assign requested address

What can be wrong with this setup?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: squid.conf
Type: application/octet-stream
Size: 1485 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170120/0542ce77/attachment.obj>
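
The rule set quoted in the message can be checked for internal consistency separately from Squid. The following is an added example, not part of the original post or of Squid: a small Python linter (the function names are hypothetical) that takes the posted commands as constructed inline input and checks that every TPROXY mark has a matching `ip rule fwmark`, a local route in the table that rule points to, and a DIVERT `--set-mark`. It compares marks as value & mask, which is a simplification.

```python
import shlex

# Constructed input: the router commands quoted in the message, one per line.
POSTED = """\
ip route flush table 100
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -A DIVERT -j MARK --set-mark 0x01/0x01
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 21 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 2121
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3128
"""

def opt(argv, name):
    """Return the word following option `name`, or None if absent."""
    return argv[argv.index(name) + 1] if name in argv else None

def mark_value(text):
    """'0x1/0x1' -> 1 (value & mask); a bare '1' -> 1."""
    value, _, mask = text.partition("/")
    return int(value, 0) & (int(mask, 0) if mask else 0xFFFFFFFF)

def check_tproxy(commands):
    """Return (problems, {dport: on_port}) for a TPROXY rule set."""
    fwmarks, local_tables, set_marks, tproxy = {}, set(), set(), []
    for line in commands.splitlines():
        argv = shlex.split(line)
        if argv[:3] == ["ip", "rule", "add"] and "fwmark" in argv:
            fwmarks[mark_value(opt(argv, "fwmark"))] = opt(argv, "lookup")
        elif argv[:4] == ["ip", "route", "add", "local"]:
            local_tables.add(opt(argv, "table"))
        elif "--set-mark" in argv:
            set_marks.add(mark_value(opt(argv, "--set-mark")))
        elif "TPROXY" in argv:
            tproxy.append((int(opt(argv, "--dport")), int(opt(argv, "--on-port")),
                           mark_value(opt(argv, "--tproxy-mark"))))
    problems = []
    for dport, _, mark in tproxy:  # checked after parsing, so rule order is irrelevant
        if mark not in fwmarks:
            problems.append(f"dport {dport}: mark {mark:#x} has no 'ip rule fwmark'")
        elif fwmarks[mark] not in local_tables:
            problems.append(f"dport {dport}: table {fwmarks[mark]} has no local route")
        if mark not in set_marks:
            problems.append(f"dport {dport}: DIVERT never sets mark {mark:#x}")
    return problems, {dport: on_port for dport, on_port, _ in tproxy}

if __name__ == "__main__":
    print(check_tproxy(POSTED))
```

For the posted commands the linter reports no problems and maps ports 21 and 80 to 2121 and 3128.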

