Hello Matus, You are right, the thing is that our clients are not going to open any other port than 20 and 21 for security meassures (or lazyness). So, if We can't use a dinamic data- port on the destination, passive ftp is discarded. The thing is that with the "ftp_passive off" directive the most of my clients don't work at all, just a couple of them demand active ftp and make my life a bit more complicated bcz of this deprecated way of ftp-ing. We are working with highly securized environments that make very difficult any kind of modification. Thank you very much for your time and effort. Regards On 15.06.17 19:58, javier perez wrote: >I found this on the oficial documentation: > >ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.5/squid-3.5.0.1-RELEASE >NOTES.html > >Section 2.6 Relay FTP >FTP Relay highlights: >2nd line: > >" Active and passive FTP support on the user-facing side; require >passive connections to come from the control connection source IP address." IMHO that means, if you open FTP control connection to squid, the passive data connection to it must come from the same IP as control connection. That in fact means, you can't use squid for FXP (server-server transfers). >Does this mean that no active connections will be stablished between >the dest. Host and squid????? IMHO that one is still managed by ftp_passive option. -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. If Barbie is so popular, why do you have to buy her friends? _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
