[squid-users] RV: squid
javier perez
javier.perez at accelya.com
Thu Jun 15 14:28:59 UTC 2017
I found this on the oficial documentation:
ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.5/squid-3.5.0.1-RELEASENOTES.html
Section 2.6 Relay FTP
FTP Relay highlights:
2nd line:
" Active and passive FTP support on the user-facing side; require passive
connections to come from the control connection source IP address."
Does this mean that no active connections will be stablished between the
dest. Host and squid?????
Thank you all in advance.
Regards
>On Thursday 15 June 2017 16:22:44 javier perez wrote:
>
>> I installed squid(3.5.20) on CentOS 7 minimal to perform as an ftp-proxy.
>>
>> My configuration file looks like this:
>
>...snip...
>
>> acl SSL_ports port 443 21
On 15.06.17 13:03, Antony Stone wrote:
>Why are you specifying port 21 as SSL?
apparently result of windows settings "enable folder view for FTP sites"
that causes explorer avoid using proxy for ftp:// and connect directly as
FTP client.
maybe IE in this case uses CONNECT tunnels for FTP protocol.
I wonder how would it behave if you enabled SOCKS server.
>"ftp_passive off" should mean that you can't do passive FTP through the
>Squid server, but it won't stop the client application from trying.
>
>You need to tell the client system/s always to use active FTP (which
>will go through Squid) - Squid can't do that for you - it will simply
>allow or block whatever requests come its way.
clients using squid as CONNECT proxy technically can't use PORT mode, since
HTTP does not contain anything like LISTEN.
intercepted FTP connections are something different, although support for
this is relatively new (since 3.5)
there is SOCKS protocol that supports listening required by PORT/EPRT mode,
although most of FTP clients use passive by default
(not sure about windows commandline FTP client - at least in XP is only
supported PORT mode)
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good.
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list