Re: [squid-users] FTP through Squid and pf.conf with load balancing dsl

From: Daniel Porres <chancleta@dont-contact.us>
Date: Sun, 2 Dec 2007 18:30:01 +0100

Thanks for the reply. I've seen that ftp_passive is enabled in
squid by default, so there is no need to enable it.
Thinking about this again later, I'm going to try without squid as an FTP
proxy, because it should be difficult to select only FTP traffic from the
squid machine, since it is mixed on the same port with HTTP traffic.
So to solve the problem, I will send FTP connections through only one
adsl, which makes FTP work without problems for a user inside the LAN
connecting to an FTP server in passive mode.

I will put these rules in pf.conf on the OpenBSD firewall.

pass in on $int_if route-to ($ext_if1 $ext_gw1) proto tcp from $lan_net to \
!$vpn_net port 21 keep state

#ports on ftp openbsd servers
#according to openbsd documentation
pass in on $int_if route-to ($ext_if1 $ext_gw1) proto tcp from $lan_net to \
!$vpn_net port >49151 keep state

#ports in ftp passive servers
#according to wikipedia
pass in on $int_if route-to ($ext_if1 $ext_gw1) proto tcp from $lan_net to \
!$vpn_net port >1023 keep state

I haven't tried it yet; tomorrow we'll see if it works.
Any comment would be much appreciated.

Regards,
-
Daniel
network engineer

On 02/12/2007, Amos Jeffries <squid3@treenet.co.nz> wrote:
> Daniel Porres wrote:
> > Hi friends,
> >
> > I'm having some problems making an FTP connection possible (control and
> > data). Very often the control connection is established on one adsl and the
> > data connection on the other dsl, and the far server doesn't like that.
> > I'm thinking of using the squid ftp proxy behind the firewall on another machine
> > to process the data and then send all ftp to the OpenBSD firewall.
> > I don't know how to identify squid's ftp data to send it only through one adsl
> > and solve the problem of the load balancing with ftp connections.
> >
> > Thanks,
>
> Have you tried with "ftp_passive on"?
> That should be making the remote server set up the data connection.
>
> Amos
>
Received on Sun Dec 02 2007 - 10:30:04 MST
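
Added example, not part of the original thread: a small Python model of the problem and of the pinning rules discussed above. It assumes a per-connection round-robin balancer over two uplinks and a server that refuses a passive data connection arriving from a different public address than the control connection; the addresses, the VPN network and the names adsl1/adsl2 are constructed stand-ins for $ext_if1/$ext_if2 and $vpn_net.

```python
import ipaddress
from itertools import cycle

# Constructed sample values (assumptions, not taken from the thread)
VPN_NET = ipaddress.ip_network("10.8.0.0/24")       # stand-in for $vpn_net
GATEWAYS = ["adsl1", "adsl2"]                       # stand-ins for $ext_if1 / $ext_if2
PUBLIC_IP = {"adsl1": "198.51.100.10", "adsl2": "203.0.113.20"}


class Firewall:
    """Per-connection round-robin balancer, optionally with the pinning rules."""

    def __init__(self, pin_ftp):
        self.pin_ftp = pin_ftp
        self._rr = cycle(GATEWAYS)

    def route(self, dst_ip, dst_port):
        """Return the uplink a new TCP connection from the LAN leaves through."""
        dst = ipaddress.ip_address(dst_ip)
        if self.pin_ftp and dst not in VPN_NET:
            # Port 21 (control) and ports > 1023 (passive data) are pinned to
            # adsl1. The "> 49151" rule is a subset of "> 1023", so one test
            # covers both.
            if dst_port == 21 or dst_port > 1023:
                return "adsl1"
        # Everything else is balanced (simplification: VPN traffic too).
        return next(self._rr)


def ftp_passive_session(fw, server_ip, data_ports):
    """Simulate one control connection plus several passive data connections.

    Returns the data ports the server would refuse because the connection
    arrives from a different public address than the control connection.
    """
    control_src = PUBLIC_IP[fw.route(server_ip, 21)]
    refused = []
    for port in data_ports:
        data_src = PUBLIC_IP[fw.route(server_ip, port)]
        if data_src != control_src:
            refused.append(port)
    return refused


if __name__ == "__main__":
    ports = [50001, 50002, 50003]
    print("balanced:", ftp_passive_session(Firewall(False), "192.0.2.21", ports))
    print("pinned:  ", ftp_passive_session(Firewall(True), "192.0.2.21", ports))
```

The model also shows the side effect of the "> 1023" rule: any TCP connection to a high destination port (8080, for instance) leaves through adsl1, so only low-port traffic such as HTTP on port 80 is still balanced.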
