[squid-users] FTP: Error NLST Unable to build data connection: Invalid argument

From: David Touzeau <david_at_touzeau.eu>
Date: Sun, 12 Sep 2010 20:59:08 +0200

Dear all

I'm using Squid 3.1.7. When I browse FTP servers such as

ftp://ftp.univ-tlse1.fr/
ftp://ftp.redhat.com

the browser gives this error:
******************************************************************
An FTP protocol error occurred while trying to retrieve the URL:
ftp://ftp.univ-tlse1.fr/

Squid sent the following FTP command:
NLST

The server responded with:
Unable to build data connection: Invalid argument

******************************************************************

Here is my squid.conf:

# squid.conf as posted for Squid 3.1.7. Directives are unchanged; reviewer
# remarks are marked NOTE(review).

# Lifetimes for cached authentication results.
# NOTE(review): no auth_param "program" line and no proxy_auth acl appear in
# this listing, so the http_access rules below decide on source address only.
auth_param basic credentialsttl 2 hour
authenticate_ttl 1 hour
authenticate_ip_ttl 60 seconds
# Squid runs as the unprivileged user and group "squid".
cache_effective_user squid
cache_effective_group squid
#--------- PERFORMANCE TWEAKS
# http://blog.last.fm/2007/08/30/squid-optimization-guide
memory_pools off
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
buffered_logs on
half_closed_clients off

#--------- squidGuard

#Disabled
#--------- SQUID PARENTS (feature not enabled)

#--------- acls
# URL regex patterns are loaded from an external file.
acl blockedsites url_regex "/etc/squid3/squid-block.acl"
acl localhost src 127.0.0.1/32
acl localhost src ::1/128
# NOTE(review): only the IPv6 loopback is listed here. The stock to_localhost
# definition also covers 127.0.0.0/8, so IPv4 loopback destinations are not
# matched by this acl.
acl to_localhost dst ::1/128
acl CONNECT method CONNECT
acl manager proto cache_object
acl FTP proto FTP
# NOTE(review): multimedia_rep, multimedia_browsers, bigfiles_types, FTP and
# MULTIMEDIA are defined but not referenced by any rule in this listing.
acl multimedia_rep rep_mime_type -i ^video/x-ms-asf$
acl multimedia_rep rep_mime_type -i ^application/vnd.ms.wms-hdr.asfv1$
acl multimedia_rep rep_mime_type -i ^application/x-mms-framed$
acl multimedia_rep rep_mime_type -i ^image/
acl multimedia_rep rep_mime_type -i ^video
acl multimedia_rep rep_mime_type -i ^audio
acl multimedia_rep rep_mime_type -i ^application/x-dvi$
acl multimedia_rep rep_mime_type -i ^application/x-isoview
# NOTE(review): the second pattern (^.*player.*) matches any User-Agent that
# contains "player", case-insensitively.
acl multimedia_browsers browser -i ^Windows-Media-Player.* -i ^.*player.*
# URL paths ending in common package, archive and disk-image extensions.
acl bigfiles_types urlpath_regex -i \.deb$
acl bigfiles_types urlpath_regex -i \.rpm$
acl bigfiles_types urlpath_regex -i \.iso$
acl bigfiles_types urlpath_regex -i \.tar\.gz$
acl bigfiles_types urlpath_regex -i \.gz$
acl bigfiles_types urlpath_regex -i \.bz$
acl bigfiles_types urlpath_regex -i \.tar$
acl bigfiles_types urlpath_regex -i \.cue$
acl bigfiles_types urlpath_regex -i \.nrg$
acl bigfiles_types urlpath_regex -i \.crf$
acl bigfiles_types urlpath_regex -i \.bwi$
acl bigfiles_types urlpath_regex -i \.bwt$
acl bigfiles_types urlpath_regex -i \.lcd$
acl bigfiles_types urlpath_regex -i \.ccd$
acl bigfiles_types urlpath_regex -i \.mdf$
acl bigfiles_types urlpath_regex -i \.mds$
acl bigfiles_types urlpath_regex -i \.vcd$
acl bigfiles_types urlpath_regex -i \.cif$
acl bigfiles_types urlpath_regex -i \.vdi$
acl bigfiles_types urlpath_regex -i \.img$
# The only client network granted access by the rules below.
acl office_network src 192.168.1.0/24

#--------- MAIN RULES...
# --------- SAFE ports
# Destination ports the proxy is willing to connect to for ordinary requests.
# NOTE(review): 22 (ssh) and 1863 (msn) are not HTTP/FTP services; every port
# listed here is one Squid will contact on a client's behalf, so keep the list
# to what is actually needed.
acl Safe_ports port 80 #http
acl Safe_ports port 20 #ftp-data
acl Safe_ports port 21 #ftp
acl Safe_ports port 22 #ssh
acl Safe_ports port 443 563 #https, snews
acl Safe_ports port 1863 #msn
acl Safe_ports port 70 #gopher
acl Safe_ports port 210 #wais
acl Safe_ports port 1025-65535 #unregistered ports
acl Safe_ports port 280 #http-mgmt
acl Safe_ports port 488 #gss-http
acl Safe_ports port 591 #filemaker
acl Safe_ports port 777 #multiling http
acl Safe_ports port 631 #cups
acl Safe_ports port 873 #rsync
acl Safe_ports port 901 #SWAT#
# NOTE(review): http_access is evaluated top-down and the first matching rule
# wins. "allow localhost" already matches everything "allow manager localhost"
# would, and there is no "http_access deny manager", so cache manager
# (cache_object) requests from office_network are permitted by the
# office_network rule further down.
http_access allow localhost
http_access allow manager localhost
http_access deny blockedsites
# NOTE(review): the next acl was wrapped by the mail client; in a real
# squid.conf the regex must sit on the same line as "acl MULTIMEDIA ...".
acl MULTIMEDIA rep_mime_type -i
^(audio\/x-mpegurl|audio\/mpeg|video\/flv|video\/x-flv|application\/x-shockwave-flash|audio\/ogg|video\/ogg|application\/ogg)$
# NOTE(review): this allow comes before the Safe_ports, CONNECT/SSL_ports and
# to_localhost denies, so for 192.168.1.0/24 clients those denies are never
# evaluated. The stock ordering places the deny rules ahead of any allow for
# client networks.
http_access allow office_network
# Ports to which CONNECT tunnels are permitted.
# NOTE(review): 6667, 9000 and 2 are unusual entries for an SSL port list; the
# trailing "2" may be a truncated value - confirm against the real file.
acl SSL_ports port 443 563 6667 9000 2
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
# Final catch-all: anything not allowed above is refused.
http_access deny all

# --------- ident_lookup_access
hierarchy_stoplist cgi-bin ?

# --------- General settings
visible_hostname proxyweb

# --------- time-out
dead_peer_timeout 10 seconds
dns_timeout 2 minutes
connect_timeout 1600 seconds
persistent_request_timeout 3 minutes
pconn_timeout 1600 seconds

# --------- Objects limits
request_body_max_size 5 MB
request_header_max_size 64 KB
maximum_object_size 300 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 8 KB

#http/https ports
# Both listeners are in interception ("transparent") mode. The https_port
# additionally enables ssl-bump, i.e. Squid terminates the client's TLS session
# using the certificate and key below and can see the decrypted traffic.
# NOTE(review): the https_port line was wrapped by the mail client; key= belongs
# on the same line. The private key file should be readable only by the Squid
# user, and clients must trust the configured certificate for bumping to work
# without warnings.
http_port 3128 transparent
https_port 3129 transparent ssl-bump cert=/etc/squid3/ssl/cacert.pem
key=/etc/squid3/ssl/privkey.pem

# --------- SSL Rules
# Destinations under these domains are exempted from bumping; all other TLS
# traffic is bumped by "ssl_bump allow all".
# NOTE(review): for intercepted connections Squid may only know the destination
# IP when ssl_bump is evaluated - confirm that dstdomain matching actually
# exempts these sites.
acl no_ssl_bump dstdomain .socgen.com
acl no_ssl_bump dstdomain .societegenerale.com
acl no_ssl_bump dstdomain .societegenerale.de
acl no_ssl_bump dstdomain .societegenerale.fr
ssl_bump deny no_ssl_bump
ssl_bump allow all
# Every request goes straight to the origin server, never via a cache peer.
always_direct allow all

# --------- Caches
#cache_replacement_policy heap LFUDA
cache_mem 8 MB
# NOTE(review): the low-water mark (95) is above the high-water mark (90).
# Squid's defaults are cache_swap_low 90 / cache_swap_high 95, so these two
# values look swapped.
cache_swap_high 90
cache_swap_low 95
# --------- DNS and ip caches
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024

#--------- FTP specific parameters
ftp_list_width 32
# Squid uses passive mode for FTP data connections.
# NOTE(review): the reported NLST failure concerns the FTP data connection;
# this listing alone does not show why the server cannot build it.
ftp_passive yes

debug_options ALL,1
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# NOTE(review): the ICP port is enabled although the parent/peer section above
# is marked "not enabled" and no icp_access rule is shown; "icp_port 0" turns
# the listener off if ICP is not used.
icp_port 3130

#Logs-------------------------------------------------
emulate_httpd_log on
#fqdn is enabled no filters activated.
# Client addresses are resolved to host names for the access log.
log_fqdn on
coredump_dir /var/squid/cache
cache_store_log /var/log/squid/store.log
cache_log /var/log/squid/cache.log
pid_filename /var/run/squid.pid
access_log /var/log/squid/access.log

cache_dir ufs /var/cache/squid 2000 16 256
# --------- OTHER CACHES
Received on Sun Sep 12 2010 - 18:59:22 MDT
