thanks for the reply, I've seen that the ftp_passive is enabled on squid by default, so it's no needed to enable. Later thinking about this again, Im going to try without squid as ftp proxy because it should be dificult to select only ftp trafic from the squid machine because is mixed on the same port with http trafic. So to solve the problem, I will send ftp conections through only one adsl, what makes ftp work without problems for a user inside the LAN conecting to an ftp server in passive mode. I will put this rules on pf.conf of the openbsd firewall. pass in on $int_if route-to ($ext_if1 $ext_gw1)} proto tcp from $lan_net to \ !vpn_net port 21 keep state #ports on ftp openbsd servers #acording to openbsd documentation pass in on $int_if route-to ($ext_if1 $ext_gw1)} proto tcp from $lan_net to \ !$vpn_net port >49151 keep state #ports in ftp passive servers #acording to wikipedia pass in on $int_if route-to ($ext_if1 $ext_gw1)} proto tcp from $lan_net to \ !$vpn_net port >1023 keep state I haven't try it yet, tomorrow let's see if it works. Any comment would be much appreciated. Regards, - Daniel network engineer On 02/12/2007, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > Daniel Porres wrote: > > Hi friends, > > > > Im having some problems making possible a FTP connection (control and > > data). Very often control connection establishes in one adsl and the > > data connection by the other dsl, and the far server don't like that. > > Im thinking to use squid ftp proxy under the firewall in other machine > > and procces the data for later send all ftp to the open bsd firewall. > > I dont know how to identify ftp squid data to send it only by one adsl > > and solve the problem of the load balancing with ftp conections. > > > > Thanks, > > Have you tried with "ftp_passive on"? > That should be making the remote server setup the data connection. > > Amos >