Re: FTP : Squid sending private IP in PASV response


On Thu, 2016-10-20 at 14:07 +0000, Gael Ancelin wrote:
> Hello,
>  
> I have searched in mailing list archives but have not seen so far
> someone with the same problem.
>  
> My Squid's objective is to forward FTP & HTTP requests to a distant
> server.
>  
> Squid is running on CentOS 7.2.
> uname -r : 3.10.0-327.28.3.el7.x86_64
> squid -v : Version 3.5.20
>  
>  
> I don't have the choice to use anything but Squid, and I can't use
> firewalling rules for forwarding directly ports.
>  
>  
> WAN_1stPublic_IP ----------------------------[FIREWALL_1] -----[FTP_SERVER]
>  
> WAN_2ndPublic_IP ---[FIREWALL_2]--[SQUID]-----[VPN]-----[FTP_SERVER]
>  
>  
> Here's my problem :
> When I'm connecting in FTP on the 2nd Public IP, everything is ok,
> but when I want to switch to passive mode, Squid is sending its own
> private IP instead of the 2nd public IP. So the connection timed out.
>  
>  
> ftp> open <WAN 2ndPublic IP>
> Connected to <WAN 2ndPublic IP> (<WAN 2ndPublic IP>).
> 220 Service ready
> Name (<WAN 2ndPublic IP>:<user>): <login>
> ---> USER <login>
> 331 Please specify the password.
> Password:
> ---> PASS XXXX
> 230 Login successful.
> ---> SYST
> 215 UNIX Type: L8
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> pwd
> ---> PWD
> 257 "/"
> ftp> ls
> ---> PASV
> 227 Entering Passive Mode (<SQUID Private IP>,<port>).
> ftp: connect: Connexion terminée par expiration du délai d'attente
>  
>  
> Is there a way to "force" Squid to resend its public IP?
> I'm thinking of something like the "pasv_address" option in vsftpd,
> but for Squid.
>  
> Gaël Ancelin

Hi,

Can you provide the configuration options related to FTP?
I can't reproduce the problem using the following method:

# diff etc/squid.conf.default etc/squid.conf
73a74,75
> 
> ftp_port 21

---

$ ftp 127.0.0.1
Connected to 127.0.0.1.
220 Service ready
Name (127.0.0.1:user): anonymous@xxxxxxxxxxxxxxxx
530 Must login first
530 Must login first
SSL not available
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
227 Entering Passive Mode (127,0,0,1,229,181).
150 Here comes the directory listing.
drwxr-xr-x   19 ftp      ftp          4096 Oct 21 05:00 altlinux
...
drwxr-xr-x   11 ftp      ftp          4096 Oct 21 03:16 ubuntu-releases
226 Transfer complete

---

The example showed that Squid returned the IP address of the interface
facing the client, not the IP address of my interface facing the
origin.

Garri
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users



