Re: [squid-users] Re: FTP through squid

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 07 May 2012 12:25:15 +1200

On 07.05.2012 05:49, Hugo Deprez wrote:
> I did check this parameter and I don't have it.

http://www.squid-cache.org/Doc/config/ftp_passive/

All currently supported Squid versions have it. Do not confuse the option
being absent from the squid.conf file with it being unsupported. Listing
all the directives takes many pages of text, which is not nice to wade
through, so most directives are now omitted from the config when at their
default values.

>
> I don't really know how squid deals with ftp traffic, as in passive
> mode, the port is selected by the server.

And when passed an ftp:// URL (i.e. from Firefox) Squid connects to it as
requested by the server. Or tries to anyway. Sometimes things go wrong
and it should fall back to trying all possible modes until one works.

This is where the ftp_passive directive comes in, forcing the passive
modes on/off. You can leave ftp_passive ON and turn ftp_epsv OFF to get
the old IPv4-only passive mode. The default in 3.1 is to try the newer
EPSV passive mode first. ftp_passive OFF skips straight to trying the
EPRT then PORT modes.

There is also an ftp_eprt ON/OFF directive for the new EPRT active mode.

(this all needs to be documented properly.)

>
> On 6 May 2012 19:10, Jose-Marcio Martins da Cruz wrote:
>>
>> I don't know if this is related...
>>
>> I had some problems like this one, using filezilla, but I don't
>> remember what the log message was.
>>
>> I had, from old configuration files, the directive :
>>
>>   ftp_passive off
>>
>> and this was the reason. I just commented it out and the proxy now
>> works like a charm.
>>
>> Hugo Deprez wrote:
>>>
>>> Hello,
>>>
>>> I just installed squid3 from wheezy repository :
>>>
>>> ii  squid3                              3.1.19-1+b1
>>> Full featured Web Proxy cache (HTTP proxy)
>>> ii  squid3-common                       3.1.19-1
>>> Full featured Web Proxy cache (HTTP proxy) - common files
>>>
>>> I tried with FF12, still the same issue :
>>>
>>> ******* - - [06/May/2012:18:47:17 +0200] "GET ftp://ftp.free.fr/ HTTP/1.0" 504 4118 "-" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0" TCP_MISS:DIRECT
>>>
>>> I tried with filezilla, I get the following error :
>>>
>>>
>>> ***** - - [06/May/2012:18:44:56 +0200] "CONNECT ftp.free.fr:21 HTTP/1.0" 200 266 "-" "FileZilla" TCP_MISS:DIRECT
>>> ***** - - [06/May/2012:18:44:57 +0200] "CONNECT 212.27.60.27:6846 HTTP/1.0" 403 3561 "-" "FileZilla" TCP_DENIED:NONE
>>>
>>> It seems that the client is using passive mode, as it tries to connect
>>> to the FTP server on port 6846.
>>> How to deal with that ?
>>> What is the difference between firefox and filezilla from FTP's
>>> protocol point of view ?

Firefox is just passing an ftp:// URL to Squid and asking Squid to GET it
and send the reply via the HTTP protocol. All the FTP double-channel
protocol bits are handled internally by Squid.

Filezilla is trying to use the native FTP protocol, but tunneling it as
binary CONNECT tunnels through the proxy. Active mode FTP, where
Filezilla opens the port and the server connects inbound, does not work
at all. But in passive mode, where the server presents an IP:port,
Filezilla can open a second data CONNECT channel and fetch through it. As
shown by your logs.
  ** for this to work you require SSL_ports to contain 21 and 1025-65535,
same as Safe_ports does normally. This wide range of ports is VERY
insecure, which is why most networks do not permit it.

Amos
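Added example, not part of Amos's post or of the Squid code base: a small
Python model of the standard squid.conf port ACLs (`deny !Safe_ports`,
`deny CONNECT !SSL_ports`) run over the two FileZilla CONNECT log lines
from the thread. The two SSL_ports values are assumptions: one that
reproduces the observed 200 on port 21 and 403 on port 6846, and the
permissive `443 21 1025-65535` setting Amos describes, so you can see what
it costs in tunnelable ports.

```python
"""Model of Squid's default port ACLs applied to CONNECT requests.

This is an added example, not Squid's own code.  It mirrors the usual
squid.conf pattern:

    acl SSL_ports port 443
    acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports

The SSL_ports variants below are assumptions chosen to match the thread;
the log lines are copied from the original post.
"""
import re


def parse_ports(spec):
    """Expand a squid 'acl NAME port ...' value list into a set of ints."""
    ports = set()
    for token in spec.split():
        if "-" in token:
            lo, hi = token.split("-")
            ports.update(range(int(lo), int(hi) + 1))
        else:
            ports.add(int(token))
    return ports


# Debian's stock Safe_ports list.
SAFE_PORTS = parse_ports("80 21 443 70 210 1025-65535 280 488 591 777")

# Assumption: an SSL_ports list that yields the observed 200 on :21 and
# 403 on :6846 (the stock value is just "443").
SSL_PORTS_OBSERVED = parse_ports("443 21")

# The permissive list Amos says native-FTP-over-CONNECT needs.
SSL_PORTS_PERMISSIVE = parse_ports("443 21 1025-65535")

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Log lines copied from the thread (client IPs masked as in the post).
LOG_LINES = [
    '***** - - [06/May/2012:18:44:56 +0200] "CONNECT ftp.free.fr:21 HTTP/1.0" '
    '200 266 "-" "FileZilla" TCP_MISS:DIRECT',
    '***** - - [06/May/2012:18:44:57 +0200] "CONNECT 212.27.60.27:6846 HTTP/1.0" '
    '403 3561 "-" "FileZilla" TCP_DENIED:NONE',
]


def connect_port(log_line):
    """Return the destination port of a CONNECT log line, else None."""
    m = LOG_RE.search(log_line)
    if not m or m.group("method") != "CONNECT":
        return None
    _host, _sep, port = m.group("target").rpartition(":")
    return int(port)


def decide(method, port, ssl_ports, safe_ports=SAFE_PORTS):
    """Walk the http_access rules in order; the first matching rule wins."""
    if port not in safe_ports:
        return "deny !Safe_ports"
    if method == "CONNECT" and port not in ssl_ports:
        return "deny CONNECT !SSL_ports"
    return "allow"


def evaluate(lines, ssl_ports):
    """Return (port, verdict) for every CONNECT line under a given SSL_ports."""
    verdicts = []
    for line in lines:
        port = connect_port(line)
        if port is None:
            continue
        verdicts.append((port, decide("CONNECT", port, ssl_ports)))
    return verdicts


if __name__ == "__main__":
    for name, acl in (("observed", SSL_PORTS_OBSERVED),
                      ("permissive", SSL_PORTS_PERMISSIVE)):
        print(name, evaluate(LOG_LINES, acl), "tunnelable ports:", len(acl))
```

With the observed list the control connection on 21 is tunnelled but the
data connection on 6846 hits `deny CONNECT !SSL_ports`, which is exactly the
403 TCP_DENIED in the log. With the permissive list both pass, at the price
of letting any client open a raw TCP tunnel to more than 64,000 ports on any
host, which is the "VERY insecure" point above.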
Received on Mon May 07 2012 - 00:25:21 MDT

This archive was generated by hypermail 2.2.0 : Tue May 08 2012 - 12:00:04 MDT