[squid-users] RV: squid
javier perez
javier.perez at accelya.com
Fri Jun 16 06:33:44 UTC 2017
Hello Matus,
You are right, the thing is that our clients are not going to open any other
port than 20 and 21 for security meassures (or lazyness).
So, if We can't use a dinamic data- port on the destination, passive ftp is
discarded.
The thing is that with the "ftp_passive off" directive the most of my
clients don't work at all, just a couple of them demand active ftp and make
my life a bit more complicated bcz of this deprecated way of ftp-ing.
We are working with highly securized environments that make very difficult
any kind of modification.
Thank you very much for your time and effort.
Regards
On 15.06.17 19:58, javier perez wrote:
>I found this on the oficial documentation:
>
>ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.5/squid-3.5.0.1-RELEASE
>NOTES.html
>
>Section 2.6 Relay FTP
>FTP Relay highlights:
>2nd line:
>
>" Active and passive FTP support on the user-facing side; require
>passive connections to come from the control connection source IP address."
IMHO
that means, if you open FTP control connection to squid, the passive data
connection to it must come from the same IP as control connection.
That in fact means, you can't use squid for FXP (server-server transfers).
>Does this mean that no active connections will be stablished between
>the dest. Host and squid?????
IMHO
that one is still managed by ftp_passive option.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy her friends?
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list