[squid-users] RV: squid

Eliezer Croitoru eliezer at ngtech.co.il
Thu Jun 15 15:57:25 UTC 2017 

Hey,

Can you re-define your scenario?
Squid in it's basic form is merely a http proxy which you can use to fetch
ftp requests.
I do not know exactly what you expect but when you use squid as a FTP proxy
it would convert the ftp connection into http.
If you are using a specific ftp client it might be different and then you
would need the port 21 on the Safe_Ports list.
But you cannot force a server to use an active or passive connection since
the ftp service will be defined only for active or for both active and
passive connections.
This is not in the hand of squid...
If you have a specific ftp address which we can use to test it would help a
lot.

Eliezer

----
http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il


From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On
Behalf Of javier perez
Sent: Thursday, June 15, 2017 1:53 PM
To: squid-users at lists.squid-cache.org
Subject: [squid-users] RV: squid

Good morning squid users,

I’m facing a weird situation in my Company… let me explain:

I installed squid(3.5.20) on CentOS 7 minimal to perform as an ftp-proxy. 
My configuration file looks like this:

/etc/squid/squid.conf
############################################################################
##

acl SSL_ports port 443 21
ftp_port 21
ftp_passive off

############################################################################
##

acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 21
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

############################################################################
##

acl FTP proto FTP
always_direct allow FTP

############################################################################
##

http_access allow CONNECT SSL_ports
http_access allow CONNECT Safe_ports
http_access allow SSL_ports
http_access allow Safe_ports
http_access allow all
http_access allow FTP

############################################################################
##

http_port 3128

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

############################################################################
##

The thing is that the parameter “ftp_passive off” seems not to be working… 
Due to security measures we have to use non-passive mode to be able to
transfer anything.

The connection works fine with the remote hosts, the login works, but I have
to enter “passive” every single time to swap the mode to non-passive. 
I don’t know whether the “ftp_passive” is not working or I need to do
something else.

After doing a deep research I cannot find much information related with this
kind of problems, so I decided to get in touch with you. Please help!!

Thanks in advance.
Regards

More information about the squid-users mailing list