On Thursday 26 January 2017 at 17:41:21, Alexander wrote:
> It seems that I have solved the issue by using nf_conntrack_ftp and
> redirecting "NEW,RELATED" traffic to squid:
Excellent news.
> ftp_port 2121 intercept
>
> modprobe nf_conntrack_ftp ports=2121
>
> iptables -t nat -A PREROUTING -p tcp --dport 21 -j REDIRECT --to-port 2121
> iptables -t nat -A PREROUTING -p tcp -m state --state NEW,RELATED -j
> REDIRECT
Just out of interest, how are you getting the FTP traffic to the Squid box in
the first place?
I assume you're not routing all Internet-bound traffic via this machine
(otherwise that second REDIRECT rule would cause problems for SSH, SMTP, IMAP,
etc), so how are you identifying the FTP traffic to get it from your router to
the Squid box?
Antony.
--
Police have found a cartoonist dead in his house. They say that details are
currently sketchy.
Please reply to the list;
please *don't* CC me.
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
