[squid-users] About Squid's FTP-Proxy mode support!

Amos Jeffries squid3 at treenet.co.nz
Tue Feb 6 12:08:56 UTC 2018


On 07/02/18 00:31, Koji Fushimi wrote:
> Hello, All
> 
> Please provide information on Squid's support for FTP-Proxy mode.
> 

Are you asking about the new "Native FTP" proxy feature?
 or Squid's older HTTP<->FTP gateway proxy feature?


> In my understanding, the default is passive mode.
>  -/etc/squid/squid.conf  ftp_passive ON
> 

The ftp_passive directive controls HTTP<->FTP gateway interactions.


> So if I want to work in Active mode, it is necessary to change
> to ftp_passive off.
> 
> Is this understanding correct?

No, Squid's FTP gateway feature auto-detects the server active/passive
capabilities. Passive works most often, but Squid can fall back to
active if passive fails. There are some issues though which make active
fail sometimes.


"Native FTP" proxying relays the FTP mode chosen by the client. AFAICS
in the code there is some support for Squid translating between active
and passive mode transfers on the fly. Whether that works I cannot say.


But, please be aware that Active FTP often does not work through a proxy
for the same reasons it does not work through a NAT. In fact NAT is why
Passive is the default for the gateway feature.



> 
> By the way, is it possible to work both Active mode and Passive
> mode simultaneously?
>  -In our IT system, it is connected to many FTP Servers (A-FTP Server,
>   B-FTP Server) via Squid (FTP Proxy) Server. For example, A-FTP Server
>   works in Active mode and B-FTP Server works in Passive mode.
> 


It is technically possible in FTP since the difference is only in how
the DATA connections are established. However, Squid only supports one
DATA connection at a time per FTP client - so in reality there are no
"simultaneous" connections for this to actually happen on.


Whether your setup works is a question of whether the FTP client
negotiates a transfer mode that the server can perform *AND* can work
through a proxy/NAT. So the answer is "try it and find out".

Thanks for your interest in Squid.


PS. If you find Squid capabilities insufficient, we used to recommend
frox as the best option for native FTP proxying
(<http://frox.sourceforge.net/>).

Cheers
Amos
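
Added example, not part of the original message and not Squid's code: a small checker for the two control-channel lines that set up the DATA connection (the client's PORT command for active mode, the server's 227 reply for passive mode, both in RFC 959 host-port form), showing why the address carried in the payload breaks active mode behind a NAT or proxy. The function names, the mismatch heuristic and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as carried by PORT and by the 227 reply (RFC 959)
HOSTPORT = re.compile(r"(?<!\d)(\d{1,3}(?:,\d{1,3}){5})(?!\d)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hostport(text):
    """Return (IPv4Address, port) decoded from the host-port field in text."""
    m = HOSTPORT.search(text)
    if not m:
        raise ValueError("no host-port field in %r" % text)
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("value out of range in %r" % text)
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]

def analyse(line, control_peer):
    """Classify one control-channel line and list reasons the DATA connection may fail.

    control_peer is the address the receiver of the line sees on the control
    connection: the client as seen by the server for PORT, the server as seen
    by the client for 227. Returns None for any other line.
    """
    words = line.split()
    verb = words[0].upper() if words else ""
    if verb == "PORT":
        mode, opener = "active", "server"    # server connects back to the client
    elif verb == "227":
        mode, opener = "passive", "client"   # client connects out to the server
    else:
        return None
    addr, port = parse_hostport(line)
    problems = []
    if addr != ipaddress.ip_address(control_peer):
        problems.append("advertised address differs from control-connection peer")
    if any(addr in net for net in RFC1918):
        problems.append("advertised address is RFC 1918 private")
    return {"mode": mode, "opener": opener,
            "target": (str(addr), port), "problems": problems}

if __name__ == "__main__":
    # Constructed sample lines: a NATed client in active mode, then a passive reply.
    samples = [("PORT 192,168,1,20,195,80", "203.0.113.7"),
               ("227 Entering Passive Mode (198,51,100,10,234,96)", "198.51.100.10")]
    for line, peer in samples:
        print(line, "->", analyse(line, peer))
```
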

