Matus UHLAR - fantomas wrote:
> On 04.12.07 10:54, Chris Robertson wrote:
>   
>> To make the server set up the data connection, passive FTP is the 
>> correct choice (http://en.wikipedia.org/wiki/FTP#Connection_Methods).
>>
>> Whether that makes the remote server any happier about the data 
>> connection originating from a different IP from the control, I can't say.
>>     
>
> I think you have misread it. The data connection is opened by the server
> in active/PORT connection. With passive connection, client opens both
> connections (control and data) and in this case the server can reject
> data connection, if client makes it from different IP.
>   
I guess it all comes down to definitions.  I interpret "In passive mode, 
the FTP server opens a random port..." as the server setting up the data 
connection (considering the server controls what port is used), but I 
can see the other angle, with the client then initiating a connection to 
that port.

With active mode FTP, the server would also be able to refuse to 
initiate a connection to a different host than was sending the 
commands.  Passive, or active, a client specifying a different IP for 
data than that used for the control is FXP 
(http://en.wikipedia.org/wiki/File_eXchange_Protocol), and is disabled 
by default on many FTP servers (original poster's included).

In any case, to help with the original issue...

    acl FTP proto FTP
    tcp_outgoing_address 192.168.32.15 FTP

...will assure that all FTP data use the listed IP address on a multi-IP 
machine.  The proto FTP acl could also be used to send all FTP transfers 
to a specific parent proxy outside of the load balancing setup with 
cache_peer_access.

Chris
Received on Wed Dec 05 2007 - 14:16:11 MST
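
The check discussed in this thread, as an added example that is not part of the original message or of any FTP server's code: a server with FXP disabled compares the data-connection address with the control-connection peer in both active and passive mode. The function names, the reply texts and the second address 192.168.32.16 are assumptions made for illustration.

```python
import ipaddress

def parse_port_argument(arg):
    """Parse the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("malformed PORT argument")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]

def check_active(control_peer, port_arg, allow_fxp=False):
    """Active mode: the client asks the server to connect out to host:port."""
    try:
        host, port = parse_port_argument(port_arg)
    except ValueError:
        return "501 Syntax error in PORT argument"
    if port < 1024:
        # Never let a client point the server at a well-known service port.
        return "504 Refusing privileged data port"
    if host != ipaddress.ip_address(control_peer) and not allow_fxp:
        # Data address differs from the control peer: this is FXP.
        return "500 Illegal PORT command"
    return "200 PORT command successful"

def check_passive(control_peer, data_peer, allow_fxp=False):
    """Passive mode: a client has connected in to the server's data port."""
    same = ipaddress.ip_address(data_peer) == ipaddress.ip_address(control_peer)
    if not same and not allow_fxp:
        return "425 Can't open data connection"
    return "150 Opening data connection"

if __name__ == "__main__":
    control = "192.168.32.15"  # address pinned by tcp_outgoing_address
    other = "192.168.32.16"    # constructed: second IP on the same proxy
    print(check_passive(control, control))  # same source IP: accepted
    print(check_passive(control, other))    # different source IP: refused
    print(check_active(control, "192,168,32,16,19,137"))  # FXP-style PORT
```

This is why a proxy on a multi-IP machine needs the control and data connections to leave from one address, which is what pinning the outgoing address for the FTP acl achieves.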