On 26/06/2012 8:17 p.m., Jasper Van Der Westhuizen wrote:
> Hi
>
> I'm trying to force all FTP connections direct. I have a parent cache and at the moment ftp connections via a browser work fine and are sent directly but my problem is that when using a client like filezilla it sends the connection to the parent cache and not directly.
>
> I have enabled the following settings:
>
> acl FTP proto FTP
> always_direct allow FTP
> acl Safe_ports port 21
> http_access allow CONNECT Safe_ports
>
> Is there anything I missed?

The small detail that Passive FTP uses random port numbers for data
connections. When tunneling through CONNECT the client is required to
only contact FTP sites with Passive FTP enabled and listening for client
connections (there is no listening port on the proxy to receive port-20
connections from the WAN). The private one-use data port number is sent
encoded across the port 21 connection.

For safety FTP connections need to go over FTP ports through the
firewall which can perform the right checks and enable the required
two-way FTP channels.

Amos
Received on Tue Jun 26 2012 - 09:39:24 MDT
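
Added example, not part of the original message or of Squid's code: a Python sketch that decodes the one-use data port from passive-mode replies on the port 21 control channel (RFC 959 `227`, RFC 2428 `229`) and checks it against a CONNECT port allow-list. The sample replies, the addresses and the assumption that the allow-list holds only port 21 (as in the lines quoted in the question) are constructed for illustration.

```python
import re

# RFC 959 PASV reply: 227 ... (h1,h2,h3,h4,p1,p2); data port = p1*256 + p2
PASV_RE = re.compile(r"^227[ -].*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428 EPSV reply: 229 ... (|||port|); the delimiter is usually '|'
EPSV_RE = re.compile(r"^229[ -].*?\((.)\1\1(\d{1,5})\1\)")

def data_endpoint(reply, control_host):
    """Return (host, port) announced by a PASV/EPSV reply, or None."""
    m = PASV_RE.match(reply)
    if m:
        octets = [int(x) for x in m.groups()]
        if any(o > 255 for o in octets):
            raise ValueError("octet out of range in PASV reply")
        return ".".join(str(o) for o in octets[:4]), octets[4] * 256 + octets[5]
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("port out of range in EPSV reply")
        return control_host, port  # EPSV reuses the control connection's host
    return None

# Assumption: the CONNECT allow-list contains only the port from the question.
SAFE_PORTS = {21}

# Constructed control-channel replies (documentation address range).
SAMPLE_REPLIES = [
    "220 ftp.example.net ready",
    "227 Entering Passive Mode (192,0,2,10,195,149)",
    "229 Entering Extended Passive Mode (|||50021|)",
]

def audit(replies, control_host="192.0.2.10", safe_ports=SAFE_PORTS):
    """List (host, port, allowed) for every data endpoint the server announces."""
    results = []
    for line in replies:
        ep = data_endpoint(line, control_host)
        if ep:
            results.append((ep[0], ep[1], ep[1] in safe_ports))
    return results

if __name__ == "__main__":
    for host, port, ok in audit(SAMPLE_REPLIES):
        print(f"{host}:{port} CONNECT {'allowed' if ok else 'denied'}")
```
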