On 26/06/2012 8:17 p.m., Jasper Van Der Westhuizen wrote:
> Hi
>
> I'm trying to force all FTP connections direct. I have a parent cache and at the moment ftp connections via a browser work fine and are sent directly but my problem is that when using a client like filezilla it sends the connection to the parent cache and not directly. I have enabled the following settings:
>
> acl FTP proto FTP
> always_direct allow FTP
> acl Safe_ports port 21
> http_access allow CONNECT Safe_ports
>
> Is there anything I missed?
The small detail that Passive FTP uses random port numbers for data connections. When tunneling through CONNECT the client is required to only contact FTP sites with Passive FTP enabled and listening for client connections (there is no listening port on the proxy to receive port-20 connections from the WAN). The private one-use data port number is sent encoded across the port 21 connection.
For safety, FTP connections need to go over FTP ports through the firewall, which can perform the right checks and enable the required two-way FTP channels.
Amos
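
Added example, not part of the original thread and not Squid code: a parser for the passive-mode replies (RFC 959 `227`, RFC 2428 `229`) that carry the one-use data port over the port 21 control connection, checked against a port list like the `Safe_ports port 21` ACL quoted above. The sample control lines, addresses and the `audit` helper are constructed for illustration, and the port check is a simplified model of a CONNECT port ACL.

```python
import re

# RFC 959 PASV reply: "227 ... (h1,h2,h3,h4,p1,p2)", port = p1*256 + p2
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))
# RFC 2428 EPSV reply: "229 ... (|||port|)", delimiter is any one character
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(reply, control_host):
    """Return (host, port) announced by a passive-mode reply, else None."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("PASV field out of range: %r" % reply)
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("EPSV port out of range: %r" % reply)
        # EPSV carries no address; the data channel goes to the control host.
        return control_host, port
    return None


def audit(control_lines, control_host, safe_ports):
    """List (host, port, allowed) for each data channel the server announces."""
    found = []
    for line in control_lines:
        endpoint = data_endpoint(line, control_host)
        if endpoint:
            host, port = endpoint
            found.append((host, port, port in safe_ports))
    return found


# Constructed server replies as seen on the port 21 control connection.
SAMPLE_CONTROL_LINES = [
    "220 FTP server ready",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "229 Entering Extended Passive Mode (|||6446|)",
]

if __name__ == "__main__":
    for host, port, ok in audit(SAMPLE_CONTROL_LINES, "192.0.2.10", {21}):
        print(host, port, "allowed" if ok else "not in Safe_ports")
```

Both announced data ports fall outside a port list containing only 21, which is the gap the reply describes for clients tunneling FTP through CONNECT.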