Hello Garri,
client FTP - Total Commander (I test WinSCP, FileZilla with same result - after 15 min connection interrupted) with proxy server - proxy server HTTP with FTP support:
part of squid.conf:
***************************************************************************************
acl SSL_ports port 21
acl SSL_ports port 1024-65535
acl SSL_ports port 1024-65535
acl SSL_ports port 443
acl SSL_ports port 8443
acl SSL_ports port 6400
acl SSL_ports port 8443
acl SSL_ports port 6400
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl FTP proto FTP
always_direct allow FTP
always_direct allow FTP
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
http_access allow localhost manager
http_access deny manager
###############
# http_access deny localnet !bandwidth_auth
###############
# http_access deny localnet !bandwidth_auth
###############
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
http_access deny all
# Squid normally listens to port 3128
#http_port 3128 transparent
http_port 3128
#http_port 3128 transparent
http_port 3128
ftp_port 21
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/log/squid/cache 100 16 256
#cache_dir ufs /var/log/squid/cache 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/log/squid/cache
coredump_dir /var/log/squid/cache
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
logfile_rotate 2
*************************************************************************
When I add ftp_port 21 in squid.conf and proxy.reload I get this message:
/etc/squid/squid.conf:129 unrecognized: 'ftp_port'
I found this: http://www.squid-cache.org/Doc/config/ftp_port/
Our version is Squid Cache ver. 3.3.8
Thank You
Ludek
---------- Původní zpráva ----------
Od: Garri Djavadyan <garryd@xxxxxxxxx>
Komu: squid-users@xxxxxxxxxxxxxxxxxxxxx
Datum: 22. 11. 2016 19:18:35
Předmět: Re: FTP interrupted
On 2016-11-22 22:24, Garri Djavadyan wrote:
> On 2016-11-22 17:05, ludek_coufal wrote:
>> Hello,
>> Squid Cache ver. 3.3.8 on CentOs Linux 7.2.1511
>>
>> FTP connection from local net over linux server CentOs firewall with
>> Squid proxy to internet FTP server is interrupted every 15 min (900
>> sec).
>> Large file upload is interrupted.
>> Direct connection without Squid proxy work OK.
>
> Hi,
>
> The issue may occur, if FTP client uses CONNECT method to connect to
> remote FTP servers. You can find details in the following thread:
>
> http://www.squid-cache.org/mail-archive/squid-users/200609/0111.html
If your FTP client connects to Squid's http_port then it uses CONNECT
method. To solve the problem try to use ftp_port and disable proxy
settings on FTP client.
For example:
1. Configure ftp_port.
# diff etc/squid.conf.default etc/squid.conf
59a60
> ftp_port 21
2. Connect from FTP client, where:
${squid_ip} - Squid's IP address
${squid_ftp_port} - configured ftp_port
${username} - username on remote FTP server
${ftp_server} - remote FTP server name/IP
${password} - password for remote FTP server
$ ftp ${squid_ip} ${squid_ftp_port}
Connected to localhost.localdomain.
220 Service ready
Name (localhost:garry): ${username}@${ftp_server}
530 Must login first
530 Must login first
SSL not available
331 Please specify the password.
Password: ${password}
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
Garri
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
