I found this on the oficial documentation: ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.5/squid-3.5.0.1-RELEASENOTES.html Section 2.6 Relay FTP FTP Relay highlights: 2nd line: " Active and passive FTP support on the user-facing side; require passive connections to come from the control connection source IP address." Does this mean that no active connections will be stablished between the dest. Host and squid????? Thank you all in advance. Regards >On Thursday 15 June 2017 16:22:44 javier perez wrote: > >> I installed squid(3.5.20) on CentOS 7 minimal to perform as an ftp-proxy. >> >> My configuration file looks like this: > >...snip... > >> acl SSL_ports port 443 21 On 15.06.17 13:03, Antony Stone wrote: >Why are you specifying port 21 as SSL? apparently result of windows settings "enable folder view for FTP sites" that causes explorer avoid using proxy for ftp:// and connect directly as FTP client. maybe IE in this case uses CONNECT tunnels for FTP protocol. I wonder how would it behave if you enabled SOCKS server. >"ftp_passive off" should mean that you can't do passive FTP through the >Squid server, but it won't stop the client application from trying. > >You need to tell the client system/s always to use active FTP (which >will go through Squid) - Squid can't do that for you - it will simply >allow or block whatever requests come its way. clients using squid as CONNECT proxy technically can't use PORT mode, since HTTP does not contain anything like LISTEN. intercepted FTP connections are something different, although support for this is relatively new (since 3.5) there is SOCKS protocol that supports listening required by PORT/EPRT mode, although most of FTP clients use passive by default (not sure about windows commandline FTP client - at least in XP is only supported PORT mode) -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I intend to live forever - so far so good. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
