On 07.06.2012 08:28, Nicolas C. wrote:
Hello,
I'm using Squid as a http/ftp proxy on a university, most of your
workstations and servers have IPv6 activated.
I recently upgraded my Squid proxies to version 3.1.6 (Debian
Squeeze) and the workstations are connecting to the proxy using IPv6
(or IPv4) with no problem.
3.1.6 has quite a few issues with IPv4/IPv6 behaviour in FTP. Please
try upgrading to the 3.1.19 package in Debian Wheezy/Testing or
Unstable.
A few computers need to access FTP servers on the Internet and there
are some issues when accessing a IPv4 FTP server : the FTP client
(FileZilla) is using IPv6 to connect to the proxy and it uses FTP
commands unknown to the FTP server (EPSV for example), using the
"ftp_epsv off" option in Squid has no effect.
As a workaround, to force FTP clients to connect to Squid using IPv4,
I created a "proxy-ftp" entry in our DNS pointing to the IPv4 address
of the proxy. If FileZilla is configured to use "proxy-ftp", it's
working fine.
The problem is that sometimes the FTP server has IPv6 enabled and
then it's not working, the workstation is using IPv4 to reach Squid
which is using IPv6 to reach the FTP server. The FTP client is
immediately failing after a PASV command.
Squid is coded to try IPv6+IPv4 compatible commands (EPSV) first. If it
gets as far as trying IPv4-only PASV command it will not go backwards to
trying the IPv6+IPv4 EPSV command.
... "ftp_epsv off" is making Squid go straight to PASV and skip all
the non-IPv4 access methods.
The third option is to upgrade your FTP server to one which supports
those extension commands (they are for optimising IPv4 as much as IPv6
support). Then you won't have to hack protocol translation workarounds
through Squid to access it from modern FTP clients.
Amos
