Re: Fwd: [squid-users] FTP issues from Amos Jeffries on 2009-08-21 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 21 Aug 2009 22:01:36 +1200

Kevin Kimani wrote:
> This is wat i get in Filezilla
> "12:40:06 Status: Connecting to www.icuh2009.org through proxy
> 12:40:06 Status: Connecting to 10.176.203.200:8080...
> 12:40:06 Status: Connection with proxy established, performing handshake...
> 12:40:06 Response: Proxy reply: HTTP/1.0 200 Connection established
> 12:40:06 Status: Connection established, waiting for welcome message...
> 12:40:06 Response: 220 Karibu! SawaSawa.com FTP Server - Ready...
> 12:40:06 Command: USER xxxxxxx
> 12:40:06 Response: 331 Password required for icuh2009.org.
> 12:40:06 Command: PASS ****************
> 12:40:06 Response: 230-Disk Quota - Current : 178.827 MBytes - Max :
> 976.563 MBytes - Available : 797.736 MBytes
> 12:40:06 Response: 230 User icuh2009.org logged in.
> 12:40:06 Command: CLNT FileZilla
> 12:40:06 Response: 200 Noted.
> 12:40:06 Command: OPTS UTF8 ON
> 12:40:06 Response: 200 UTF8 OPTS ON
> 12:40:06 Status: Connected
> 12:40:06 Status: Retrieving directory listing...
> 12:40:06 Command: PWD
> 12:40:06 Response: 257 "/" is current directory.
> 12:40:06 Command: TYPE I
> 12:40:06 Response: 200 Type set to I.
> 12:40:06 Command: PASV
> 12:40:06 Response: 227 Entering Passive Mode (80,240,192,165,13,182)
> 12:40:06 Command: LIST
> 12:40:06 Status: Connecting to 10.176.203.200:8080...
> 12:40:06 Status: Connection with proxy established, performing handshake...
> 12:40:06 Response: Proxy reply: HTTP/1.0 403 Forbidden
> 12:40:06 Error: Proxy handshake failed: ECONNRESET - Connection reset by peer
> 12:40:27 Error: Connection timed out
> 12:40:27 Error: Failed to retrieve directory listing"
>
> Then from access.log in squid:-
> "1250847708.496 1 10.176.203.85 TCP_DENIED/403 1423 CONNECT
> 80.240.192.165:3510 - NONE/- text/html
> 1250847729.392 21724 10.176.203.85 TCP_MISS/200 486 CONNECT
> www.icuh2009.org:21 - DIRECT/80.240.192.165 -"
>
> Please do help.

Ah progress. Good.

The problem is that FileZilla is trying to pass the data link through
the proxy as a separate connection to a random (thus non-permitted) port.

You have a choice:
   allow your user IPs to CONNECT random ports on the range 1024-65535.
(Okay if its just you and/or a trusted few using the proxy)
or
   find the settings in FileZilla which do data transfer through the
control channel. (and advise any others doing this through the proxy to
try that)
or
   use a dedicated FTP proxy (aka http://google.com/search?q=frox)

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
   Current Beta Squid 3.1.0.13

Received on Fri Aug 21 2009 - 10:01:43 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 21 2009 - 12:00:03 MDT