On Fri, 2016-10-21 at 08:27 +0000, Gael Ancelin wrote: > WAN_IP---[FW]-------localIP1-[SQUID]-localIP2------------localIP3- > [FTP_Server] > > I was expecting something like "227 Entering Passive Mode > (54,xx,xx,xx,213,249)." > with public ip. > What I want is a response like (WAN_IP,port), but what I obtain is > (localIP1,port) instead. > > Squid does not respond with the FTP server address, so I presume that > Squid is > understanding enough FTP protocol to modify response and put his own > ip address > instead of the real FTP server's. According to your scheme, FW is DNAT device and it forwards packets destined to FTP control channel port (21) on public IP of FW to private localIP1 of SQUID. In that scenario Squid don't even know that the client used WAN_IP to access FTP service and therefore it can't use the public IP even if it wish. > So I'm wondering if it exists a way to force squid to respond with a > fixed IP > address instead of his own local address. Here http://www.squid-cache.org/Doc/config/ you can find all available options. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
