Hi Henrik Thank you for this hint. I put the directive "ftp_epsv off" in my squid.conf; now it's working as expected. Regards, Tom 2010/6/10 Henrik Nordström <henrik@xxxxxxxxxxxxxxxxxxx>: > tor 2010-06-10 klockan 10:29 +0200 skrev Tom Tux: >> Hi >> With Squid 3.1.3, I'm not able to connect a ftp-site (ex. >> ftp://ftp.gnu.org/). The squid-process tries to connect the ftp-server >> with a dynamic port (not tcp 21). This will be blocked through our >> firewall: >> tcp 0 1 squidproxy:37656 ftp.gnu.org:64789 SYN_SENT >> 106 562158 6442/(squid) > > Works for me. > >> I have a analog configuration with squid 3.0.STABLE 23 and there it >> works. The squid-process connect the remote-ftp-server with the normal >> port tcp 21. > > The main difference is that 3.1 uses EPSV if supported by the FTP > server, while 3.0 uses PASV. So your firewall need to support EPSV FTP > data connection tracking if strict on checking outgoing connections. > > Regards > Henrik > >
