Hi Henrik
Thank you for this hint. I put the directive "ftp_epsv off" in my
squid.conf; now it's working as expected.
Regards,
Tom
2010/6/10 Henrik Nordström <henrik_at_henriknordstrom.net>:
> tor 2010-06-10 klockan 10:29 +0200 skrev Tom Tux:
>> Hi
>> With Squid 3.1.3, I'm not able to connect a ftp-site (ex.
>> ftp://ftp.gnu.org/). The squid-process tries to connect the ftp-server
>> with a dynamic port (not tcp 21). This will be blocked through our
>> firewall:
>> tcp 0 1 squidproxy:37656 ftp.gnu.org:64789 SYN_SENT
>> 106 562158 6442/(squid)
>
> Works for me.
>
>> I have a analog configuration with squid 3.0.STABLE 23 and there it
>> works. The squid-process connect the remote-ftp-server with the normal
>> port tcp 21.
>
> The main difference is that 3.1 uses EPSV if supported by the FTP
> server, while 3.0 uses PASV. So your firewall need to support EPSV FTP
> data connection tracking if strict on checking outgoing connections.
>
> Regards
> Henrik
>
>
Received on Fri Jun 11 2010 - 06:21:40 MDT
This archive was generated by hypermail 2.2.0 : Fri Jun 11 2010 - 12:00:02 MDT