Hello, I have a question regarding a native FTP relay.
I have tried to test this feature like this:
[Filezilla Client, 1.1.1.2] <-----> [ Router: iptables + squid ] <-----> [vsftpd server, 5.5.5.10]
Firewall settings on the router are:
ip route flush table 100
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 0x01/0x01
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 21 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 2121
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3128
No other rules are defined; the default policy in all chains is ACCEPT.
Squid's configuration file is attached.
With HTTP traffic everything works fine; however, FTP causes a problem.
A client successfully connects and authenticates, but when it tries to
execute LIST or RETR (when the data connection should be established),
Filezilla says "Connection closed by server". In Squid's log I have
noticed some errors when establishing the data connection (?), like
"failed to connect FTP server data channel". The log is also attached.
What can be wrong with this setup?
Attachment:
cache2.log
Description: Binary data
Attachment:
squid.conf
Description: Binary data
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users