<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">2017-01-23 21:41 GMT+03:00 Alex Rousskov <span dir="ltr"><<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
Needless to say, your specific needs may differ from that general<br>
principle. It is possible that Squid needs a knob to handle your use<br>
case differently. However, I am pretty sure that somebody does want<br>
Squid to do what it does know so we should not change Squid behavior to<br>
satisfy your use case.<br></blockquote><div><br></div><div>I understand that, however the first and foremost reason I asked the question was that my use case pretends to be pretty typical :)</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
What if you can restrict the set of ports that Squid uses to accept<br>
passive FTP data connections? That way, you can redirect only those data<br>
connections that match those ports. This is not an ideal solution, and<br>
Squid does not support that directly right now, but it might work in<br>
principle.<br></blockquote><div><br></div><div>I have thought about it, however these ports may interfere with real server's ports.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Another option is to modify Squid to report the expected data connection<br>
IP:ports to some helper so that you can write a script that dynamically<br>
modifies your network redirection rules.<br></blockquote><div><br></div><div>I like this one more. It looks like a kind of ip_conntrack_ftp.</div><div><br></div><div>Thank you for the explanation, I will try to do something.</div></div></div></div>