On 01/23/2017 03:11 AM, Alexander wrote:
> 3. Squid opens a local port and sends it back to client via the "Entering
> passive mode" reply. Seems to be ok, but a client sees a real server's IP
> address, not a squid's one. So when a client tries to connect to a server,
> it gets ECONNREFUSED because no-one is listening on a requested port.
This Squid behavior is intentional:
> // In interception setups, we combine remote server address with a
> // local port number and hope that traffic will be redirected to us.
...
> mb.appendf("227 Entering Passive Mode (%s,%i,%i).\r\n",
> So when a client tries to connect to a server,
... your networking rules should redirect that connection to Squid in
order to avoid the problem you are describing:
> it gets ECONNREFUSED because no-one is listening on a requested port.
Please note that I am _not_ claiming that the intentional Squid behavior
is correct in all cases. I only know that we made Squid do what it does
now to fix a (most likely real) problem:
> revno: 12742.1.11
> branch nick: ftp-gw
> timestamp: Wed 2013-08-21 09:39:09 -0600
> message:
> Fixed address handling for PASV responses in interception cases.
HTH,
Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
