Hello, thank you for the information. If I sepcify the following parameter in my configuration file it : ftp_epsv OFF FTP with firefox is working. I think users will needs to use Filezilla or something equivalent, so what kind of Solution Do I Have ? My main goal is to setup a squid in order to specify bandwith limitation. By the way, does delay_parameters are apply to Safe_ports ? For information I use the following ACL : delay_access 1 allow all Regards, Hugo On 7 May 2012 02:25, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 07.05.2012 05:49, Hugo Deprez wrote: >> >> I did check this parameter and I don't have it. > > > http://www.squid-cache.org/Doc/config/ftp_passive/ > > All currently supported Squid have it. Do not confuse the option being > absent from the squid.conf file for being not supported. Listing all the > directives takes many pages of text, which is not nice to wade through so > most directives are now omitted from the config when at default values. > > >> >> I don't really know how squid deal with ftp trafic, as in passive >> mode, the port is selected by the server. > > > And when passed a ftp:// URL (ie from Firefox) Squid connects to it as > requested by the server. Or tries to anyway. Sometimes things go wrong and > it should fall back to trying all possible modes until one works. > > This is where the ftp_passive directive comes in, forcing the passive modes > on/off. You can leave ftp_passive ON and turn ftp_epsv OFF to get the old > IPv4-only passive mode. The default in 3.1 is to try the newer EPSV passive > mode first. ftp_passive OFF skips straight to trying the EPRT then PORT > modes. > > There is also an ftp_eprt ON/OFF directive for new EPRT active mode. > > > (this all needs to be documented properly.) > > >> >> On 6 May 2012 19:10, Jose-Marcio Martins da Cruz wrote: >>> >>> >>> I don't know if this is related... >>> >>> I had some problems like this one, using filezilla, but I don't remember >>> which was the log message. >>> >>> I had, from old configuration files, the directive : >>> >>> ftp_passive off >>> >>> and this was the reason. I just commented it out and the proxy works now >>> as >>> a charm. >>> >>> Hugo Deprez wrote: >>>> >>>> >>>> Hello, >>>> >>>> I just installed squid3 from wheezy repository : >>>> >>>> ii squid3 3.1.19-1+b1 >>>> Full featured Web Proxy cache (HTTP proxy) >>>> ii squid3-common 3.1.19-1 >>>> Full featured Web Proxy cache (HTTP proxy) - common files >>>> >>>> I try with FF12 still the same issue : >>>> >>>> ******* - - [06/May/2012:18:47:17 +0200] "GET ftp://ftp.free.fr/ >>>> HTTP/1.0" 504 4118 "-" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) >>>> Gecko/20100101 Firefox/12.0" TCP_MISS:DIRECT >>>> >>>> I tried with filezilla, I get the following error : >>>> >>>> >>>> ***** - - [06/May/2012:18:44:56 +0200] "CONNECT ftp.free.fr:21 >>>> HTTP/1.0" 200 266 "-" "FileZilla" TCP_MISS:DIRECT >>>> ***** - - [06/May/2012:18:44:57 +0200] "CONNECT 212.27.60.27:6846 >>>> HTTP/1.0" 403 3561 "-" "FileZilla" TCP_DENIED:NONE >>>> >>>> seems that the client is using passive mode, as it try to connect to >>>> the FTP server to the port 6846. >>>> How to deal with that ? >>>> What is the difference between firefox and filezilla from FTP's >>>> protocol point of view ? > > > Firefox is just passing an ftp:// URL to Squid and asking for squid to GET > it and send the reply via HTTP protocol. All the FTP double-channel protocol > bits are handled internally by Squid. > > Filezilla is trying to use native FTP protocol, but tunneling it as binary > CONNECT tunnels through the proxy. Active mode FTP where Filezilla opens the > port and server connects inbound does not work at all. But in passive mode > where the server presents a IP:port, Filezilla can open a second data > CONNECT channel and fetch through it. As shown by your logs. > ** for this to work you require SSL_ports to contain 21 and 1025-65535 same > as Safe_ports does normally. This wide range of ports is VERY insecure, > which is why most networks do not permit it. > > Amos
