About Squid's FTP-Proxy mode support!

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

About Squid's FTP-Proxy mode support!

Koji Fushimi
Hello, All

Please provide information on Squid's support for FTP-Proxy mode.

In my understanding, the default is passive mode.
  -/etc/squid/squid.conf  ftp_passive ON

So if I want to work in Active mode, it is necessary to change
to ftp_passive off.

Is this understanding correct?

By the way, Is it possible to work both Active mode and Passive
mode simultaneously?
  -In our IT system, it is connected to many FTP Server (A-FTP Sever,
   B-FTP Server via Squid(FTP Proxy) Server. For example, A-FTP Server
   works in Active mode and B-FTP Server works in Passive mode.

Best regards, Koji

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: About Squid's FTP-Proxy mode support!

Amos Jeffries
Administrator
On 07/02/18 00:31, Koji Fushimi wrote:
> Hello, All
>
> Please provide information on Squid's support for FTP-Proxy mode.
>

Are you asking about the new "Native FTP" proxy feature?
 or Squid's older HTTP<->FTP gateway proxy feature?


> In my understanding, the default is passive mode.
>  -/etc/squid/squid.conf  ftp_passive ON
>

The ftp_passive directive controls HTTP<->FTP gateway interactions.


> So if I want to work in Active mode, it is necessary to change
> to ftp_passive off.
>
> Is this understanding correct?

No, Squid FTP gateway feature auto-detects the server active/passive
capabilities. Passive works most often, but Squid can fall back to
active if passive fails. There are some issues though which make active
fail sometimes.


"Native FTP" proxying relays the FTP mode chosen by the client. AFAICS
in the code there is some support for Squid translating between active
and passive mode transfers on the fly. Whether that works I cannot say.


But, please be aware that Active FTP often does not work through a proxy
for the same reasons it does not work through a NAT. In fact NAT is why
Passive is the default for the gateway feature.



>
> By the way, Is it possible to work both Active mode and Passive
> mode simultaneously?
>  -In our IT system, it is connected to many FTP Server (A-FTP Sever,
>   B-FTP Server via Squid(FTP Proxy) Server. For example, A-FTP Server
>   works in Active mode and B-FTP Server works in Passive mode.
>


It is technically possible in FTP since the difference is only in how
the DATA connections are established. However, Squid only supports one
DATA connection at a time per FTP client - so in reality there is no
"simultaneous" connections for this to actually happen on.


Whether your setup works is a question of whether the FTP client
negotiates a transfer mode that the server can perform *AND* can work
through a proxy/NAT. So the answer is "try it and find out".

Thanks for your interest in Squid.


PS. If you find Squid capabilities insufficient, we used to recommend
frox as the best option for native FTP proxying
(<http://frox.sourceforge.net/>).

Cheers
Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: About Squid's FTP-Proxy mode support!

Alex Rousskov
In reply to this post by Koji Fushimi
On 02/06/2018 04:31 AM, Koji Fushimi wrote:

> In my understanding, the default is passive mode.
>  -/etc/squid/squid.conf  ftp_passive ON

Yes, passive mode is the default.

AFAIK, passive is also the only _working_ mode for Squid-origin
communication. FTP active mode is broken for Squid-origin connections
(and has been broken for many years IIRC).

Native FTP proxy (that Amos has mentioned in his response) supports both
passive and active FTP client-Squid connections. The ftp_passive
directive has no effect on those FTP client-Squid connections. Native
FTP proxy suffers from the same "active mode does not work" problem
mentioned above as far as Squid-origin connections are concerned.


HTH,

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: About Squid's FTP-Proxy mode support!

Koji Fushimi
Alex,

Thanks for providing useful information.
I'd like to consider further.

Best regards,
Koji


On 2018/02/07 1:46, Alex Rousskov wrote:

> On 02/06/2018 04:31 AM, Koji Fushimi wrote:
>
>> In my understanding, the default is passive mode.
>>   -/etc/squid/squid.conf  ftp_passive ON
> Yes, passive mode is the default.
>
> AFAIK, passive is also the only _working_ mode for Squid-origin
> communication. FTP active mode is broken for Squid-origin connections
> (and has been broken for many years IIRC).
>
> Native FTP proxy (that Amos has mentioned in his response) supports both
> passive and active FTP client-Squid connections. The ftp_passive
> directive has no effect on those FTP client-Squid connections. Native
> FTP proxy suffers from the same "active mode does not work" problem
> mentioned above as far as Squid-origin connections are concerned.
>
>
> HTH,
>
> Alex.
>

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users