Hello, I have a question regarding a native FTP relay (squid's version is 3.5.23).
I've tried to test this feature like this:
[Filezilla Client, 1.1.1.2] <-----> [ Router: iptables + squid ] <-----> [vsftpd server, 5.5.5.10]
The router is a CentOS 6.5 machine. Firewall settings are:
ip route flush table 100
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 0x01/0x01
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 21 -j TPROXY \
    --tproxy-mark 0x1/0x1 --on-port 2121
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY \
    --tproxy-mark 0x1/0x1 --on-port 3128
No other rules are defined and default policy for INPUT/OUTPUT/FORWARD is ACCEPT. The rp_filter is disabled.
Squid's configuration file is attached.
With HTTP everything works fine; however, FTP causes a problem. A client successfully connects and authenticates, but when it tries to execute LIST or RETR (when a data connection should be established), Filezilla says "Connection closed by server". Meanwhile squid says the following:
commBind: Cannot bind socket FD 17 to 1.1.1.2: (99) Cannot assign requested address
What can be wrong with this setup?
Attachment: squid.conf
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
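Added example (not from the poster or the Squid project): the commBind error above is the kernel's EADDRNOTAVAIL (errno 99) from bind(), which is what a normal socket returns when asked to bind to an address that is not configured on the host. A transparent proxy can only bind to the client's address (1.1.1.2 here) if the socket has the Linux IP_TRANSPARENT option set before bind() and the process holds CAP_NET_ADMIN at that moment; the TPROXY/fwmark rules only handle routing of the packets, not the bind itself. The snippet below reproduces both outcomes on a plain socket so the failure can be recognised in isolation. It assumes 1.1.1.2 is not a local address of the machine it runs on; the numeric fallback for IP_TRANSPARENT (19) is the Linux value, used only when the Python build's socket module lacks the constant.

```python
import errno
import socket

# Linux socket-option number for IP_TRANSPARENT; older Python builds do not expose it.
IP_TRANSPARENT_FALLBACK = 19
IP_TRANSPARENT = getattr(socket, "IP_TRANSPARENT", IP_TRANSPARENT_FALLBACK)

# Address taken from the post; assumed NOT to be configured on this host.
NON_LOCAL_ADDR = "1.1.1.2"


def try_bind(addr, port=0, transparent=False):
    """Attempt to bind a fresh TCP socket to (addr, port).

    Returns "ok" on success, or "<stage>:<ERRNO_NAME>" describing the
    failing call, e.g. "bind:EADDRNOTAVAIL" (errno 99 on Linux, the
    condition behind Squid's "Cannot assign requested address").
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if transparent:
            # Must be set before bind(); needs CAP_NET_ADMIN, otherwise EPERM.
            try:
                s.setsockopt(socket.IPPROTO_IP, IP_TRANSPARENT, 1)
            except OSError as e:
                return "setsockopt:" + errno.errorcode.get(e.errno, str(e.errno))
        try:
            s.bind((addr, port))
        except OSError as e:
            return "bind:" + errno.errorcode.get(e.errno, str(e.errno))
        return "ok"
    finally:
        s.close()


def explain(result):
    """Map a try_bind() result to the precondition a TPROXY deployment is missing."""
    if result == "ok":
        return "bind succeeded; the kernel accepted the (possibly foreign) source address"
    if result == "bind:EADDRNOTAVAIL":
        return ("address is not local and the socket is not transparent: "
                "IP_TRANSPARENT was not set on this socket before bind()")
    if result == "setsockopt:EPERM":
        return "IP_TRANSPARENT requires CAP_NET_ADMIN in the binding process"
    if result == "setsockopt:ENOPROTOOPT":
        return "this kernel does not offer IP_TRANSPARENT (no TPROXY support)"
    return "unexpected failure: " + result


if __name__ == "__main__":
    for transparent in (False, True):
        r = try_bind(NON_LOCAL_ADDR, transparent=transparent)
        print(f"transparent={transparent}: {r} -> {explain(r)}")
```

Run as an unprivileged user the first line reports bind:EADDRNOTAVAIL, the same condition Squid logs; run as root with IP_TRANSPARENT the bind succeeds. For an FTP relay the check matters per connection: the control connection and each data connection are separate sockets, so the option and the capability have to be in place for every socket Squid opens towards the server with a spoofed client address, and the matching DIVERT (-m socket) rule must also see the data-connection replies.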