ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.5/squid-3.5.0.1-RELEASENOTES.html
" Active and passive FTP support on the user-facing side; require passive
connections to come from the control connection source IP address."
On 06/15/2017 09:55 AM, Matus UHLAR - fantomas wrote:
that means, if you open FTP control connection to squid, the passive data
connection to it must come from the same IP as control connection.
On 15.06.17 10:06, Alex Rousskov wrote:
IIRC, the above interpretation is the right one:
just for sure: my one?
* We support both active and passive FTP between an FTP client (a.k.a.
user) and Squid.
* When an FTP client is using passive mode, the data connection must
come from the same IP as the control connection. This restriction blocks
attacks that steal data connection of legitimate FTP users.
AFAIK, there are currently no plans (or even strong demand) to support
active FTP mode between Squid and FTP origin servers.
what is ftp_passive for then?
btw I suggest calling it "port" FTP mode instead of active
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Quantum mechanics: The dreams stuff is made of.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
