Re: [squid-users] RV: squid

On 06/16/2017 06:22 AM, Matus UHLAR - fantomas wrote: >>> Alex Rousskov wrote: AFAIK, there are currently no plans (or even strong demand) to support active FTP mode between Squid and FTP origin servers. >> On 16/06/17 22:40, Matus UHLAR - fantomas wrote: >>> what is ftp_passive for then

Re: [squid-users] RV: squid

On 16/06/17 23:57, javier perez wrote: They could open just a range of 5 dinamic ports and monitor them intensively... I take it by "they" you mean the passive attacker? the server may open any of (2^N) * (2^15) ports, where N is the number of IPs assigned to the server both IPv4 and IPv6. A

Re: [squid-users] RV: squid

Citing: AFAIK, there are currently no plans (or even strong demand) to support active FTP mode between Squid and FTP origin servers. On 16/06/17 22:40, Matus UHLAR - fantomas wrote: what is ftp_passive for then? On 16.06.17 23:49, Amos Jeffries wrote: For controlling how Squid gateways "G

Re: [squid-users] RV: squid

They could open just a range of 5 dinamic ports and monitor them intensively... > Hello Matus, > > You are right, the thing is that our clients are not going to open any > other port than 20 and 21 for security meassures (or lazyness). FYI: The "for security" argument is bogus because; a) allo

Re: [squid-users] RV: squid

Yes!! I was wondering wtf is this xD!! I will check FROX, and ty again! Regards On 16/06/17 23:26, javier perez wrote: > Thank you very much Amos for your suggestion, I'm gonna study it > straight away. > Ouch. Sorry I thought one thing and typed another. What I meant to suggest was FROX and

Re: [squid-users] RV: squid

On 16/06/17 18:33, javier perez wrote: Hello Matus, You are right, the thing is that our clients are not going to open any other port than 20 and 21 for security meassures (or lazyness). FYI: The "for security" argument is bogus because; a) allowing any random client to determine their own a

Re: [squid-users] RV: squid

On 16/06/17 23:26, javier perez wrote: Thank you very much Amos for your suggestion, I'm gonna study it straight away. Ouch. Sorry I thought one thing and typed another. What I meant to suggest was FROX and similar. FoxyProxy is the browser integration thing for proxying.

Re: [squid-users] RV: squid

On 16/06/17 22:40, Matus UHLAR - fantomas wrote: ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.5/squid-3.5.0.1-RELEASENOTES.html " Active and passive FTP support on the user-facing side; require passive connections to come from the control connection source IP address." On 06/15/2017 09:5

Re: [squid-users] RV: squid

Thank you very much Amos for your suggestion, I'm gonna study it straight away. Regards! On 16/06/17 18:42, javier perez wrote: > Hi Alex, > > I totally understand it

Re: [squid-users] RV: squid

ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.5/squid-3.5.0.1-RELEASENOTES.html " Active and passive FTP support on the user-facing side; require passive connections to come from the control connection source IP address." On 06/15/2017 09:55 AM, Matus UHLAR - fantomas wrote: that means, if y

Re: [squid-users] RV: squid

On 16/06/17 18:42, javier perez wrote: Hi Alex, I totally understand it, and I know that active ftp is being deprecated, so It's logic that no further development It's gonna take place. That reason just makes it unlikely, not impossible. Squid being FOSS anyone can contribute patches at any t

Re: [squid-users] RV: squid

Hi Alex, I totally understand it, and I know that active ftp is being deprecated, so It's logic that no further development It's gonna take place. I'm happy with Squid, and it works perfectly on 99% of my clients but two. Thank you for your time. Regards. On 06/15/2017 09:55 AM, Matus UHLAR -

Re: [squid-users] RV: squid

http://ngtech.co.il/lmgtfy/ Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of javier perez Sent: Thursday, June 15, 2017 1:53 PM To: squid-users@lists.squid-cache.org Subject: [squid-users]

Re: [squid-users] RV: squid

Hello Matus, You are right, the thing is that our clients are not going to open any other port than 20 and 21 for security meassures (or lazyness). So, if We can't use a dinamic data- port on the destination, passive ftp is discarded. The thing is that with the "ftp_passive off" directive the

Re: [squid-users] RV: squid

Hi Anthony, My server acts as a focal point for all ftp transfer on a highly securized network. I have more tan 100 static routes pointing to different gateways deppending on our client addresses. The thing is that only 2 of our customers have old fashioned active-ftp sites, so only bcz of th

Re: [squid-users] RV: squid

On Thursday 15 June 2017 16:22:44 javier perez wrote: > I installed squid(3.5.20) on CentOS 7 minimal to perform as an ftp-proxy. Why? What are you trying to achieve by doing this, instead of simply allowing clients inside to connect to servers outside? Antony. -- I lay awake all night wond

Re: [squid-users] RV: squid

On 06/15/2017 09:55 AM, Matus UHLAR - fantomas wrote: >> ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.5/squid-3.5.0.1-RELEASENOTES.html >> " Active and passive FTP support on the user-facing side; require passive >> connections to come from the control connection source IP address." > that mean

Re: [squid-users] RV: squid

ne 15, 2017 1:53 PM To: squid-users@lists.squid-cache.org Subject: [squid-users] RV: squid Good morning squid users, I’m facing a weird situation in my Company… let me explain: I installed squid(3.5.20) on CentOS 7 minimal to perform as an ftp-proxy. My configuration file looks like this: /etc/

Re: [squid-users] RV: squid

On 15.06.17 19:58, javier perez wrote: I found this on the oficial documentation: ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.5/squid-3.5.0.1-RELEASENOTES.html Section 2.6 Relay FTP FTP Relay highlights: 2nd line: " Active and passive FTP support on the user-facing side; require passive co

Re: [squid-users] RV: squid

On Thursday 15 June 2017 19:58:59 javier perez wrote: > I found this on the oficial documentation: > > ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.5/squid-3.5.0.1-RELEASENOTES > .html > > Section 2.6 Relay FTP > FTP Relay highlights: > 2nd line: > > " Active and passive FTP support on the u

Re: [squid-users] RV: squid

I found this on the oficial documentation: ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.5/squid-3.5.0.1-RELEASENOTES.html Section 2.6 Relay FTP FTP Relay highlights: 2nd line: " Active and passive FTP support on the user-facing side; require passive connections to come from the control conne

Re: [squid-users] RV: squid

On Thursday 15 June 2017 16:22:44 javier perez wrote: I installed squid(3.5.20) on CentOS 7 minimal to perform as an ftp-proxy. My configuration file looks like this: ...snip... acl SSL_ports port 443 21 On 15.06.17 13:03, Antony Stone wrote: Why are you specifying port 21 as SSL? appa

Re: [squid-users] RV: squid

>> I installed squid(3.5.20) on CentOS 7 minimal to perform as an ftp-proxy. >> >> My configuration file looks like this: >...snip... snip? >> acl SSL_ports port 443 21 >Er, what? >Why are you specifying port 21 as SSL? I saw many guides that ask for it e.g. https://unix.stackexchange.com/qu

Re: [squid-users] RV: squid

On Thursday 15 June 2017 16:22:44 javier perez wrote: > I installed squid(3.5.20) on CentOS 7 minimal to perform as an ftp-proxy. > > My configuration file looks like this: ...snip... > acl SSL_ports port 443 21 Er, what? Why are you specifying port 21 as SSL? > ftp_passive off ...snip...

[squid-users] RV: squid

Good morning squid users, I'm facing a weird situation in my Company. let me explain: I installed squid(3.5.20) on CentOS 7 minimal to perform as an ftp-proxy. My configuration file looks like this: /etc/squid/squid.conf ###