[squid-users] RV: squid

javier perez javier.perez at accelya.com
Fri Jun 16 06:39:50 UTC 2017 

Hello Eliezer,

I have more tan 100 clients and only 2 of them demand active ftp, so only
bcz of them we are rolling-back to Windows.
Squid works perfectly with the other 100+ clients, so I am really happy
with Squid, and I will use it in the future for sure.

I can't redefine the thing bcz it depends on my clients, not on me.

Thank you very much for your interest and feedback.

Regards
__________________________________________________________________________
__________________________________________

Hey,

Can you re-define your scenario?
Squid in it's basic form is merely a http proxy which you can use to fetch
ftp requests.
I do not know exactly what you expect but when you use squid as a FTP
proxy it would convert the ftp connection into http.
If you are using a specific ftp client it might be different and then you
would need the port 21 on the Safe_Ports list.
But you cannot force a server to use an active or passive connection since
the ftp service will be defined only for active or for both active and
passive connections.
This is not in the hand of squid...
If you have a specific ftp address which we can use to test it would help
a lot.

Eliezer

----
http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il


From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On
Behalf Of javier perez
Sent: Thursday, June 15, 2017 1:53 PM
To: squid-users at lists.squid-cache.org
Subject: [squid-users] RV: squid

Good morning squid users,

I’m facing a weird situation in my Company
 let me explain:

I installed squid(3.5.20) on CentOS 7 minimal to perform as an ftp-proxy.
My configuration file looks like this:

/etc/squid/squid.conf
##########################################################################
##
##

acl SSL_ports port 443 21
ftp_port 21
ftp_passive off

##########################################################################
##
##

acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher acl Safe_ports port 21 acl
Safe_ports port 210         # wais acl Safe_ports port 1025-65535  #
unregistered ports acl Safe_ports port 280         # http-mgmt acl
Safe_ports port 488         # gss-http acl Safe_ports port 591         #
filemaker acl Safe_ports port 777         # multiling http acl CONNECT
method CONNECT

##########################################################################
##
##

acl FTP proto FTP
always_direct allow FTP

##########################################################################
##
##

http_access allow CONNECT SSL_ports
http_access allow CONNECT Safe_ports
http_access allow SSL_ports
http_access allow Safe_ports
http_access allow all
http_access allow FTP

##########################################################################
##
##

http_port 3128

refresh_pattern ^ftp:           1440    20%     10080 refresh_pattern
^gopher:        1440    0%      1440 refresh_pattern -i (/cgi-bin/|\?)
0     0%      0 refresh_pattern .               0       20%     4320

##########################################################################
##
##

The thing is that the parameter “ftp_passive off” seems not to be working

Due to security measures we have to use non-passive mode to be able to
transfer anything.

The connection works fine with the remote hosts, the login works, but I
have to enter “passive” every single time to swap the mode to non-passive.

I don’t know whether the “ftp_passive” is not working or I need to do
something else.

After doing a deep research I cannot find much information related with
this kind of problems, so I decided to get in touch with you. Please
help!!

Thanks in advance.
Regards

More information about the squid-users mailing list