Hello.
Recently I've noticed some issues in native FTP relay that made it unusable
with active FTP mode (data connection was not established):
http://lists.squid-cache.org/pipermail/squid-users/2017-February/014404.html
The attached patch allows FTP relay to work in NAT interception mode and also
fixes IP address binding in TPROXY mode. Unfortunately, I have no idea how
to test TPROXY, but this patch should definitely make things better.
committer: Alexander Gozman <[email protected]>
timestamp: Tue 2017-02-14 13:29:52 +0300
message:
Native FTP relay: NAT and TPROXY interception fixes.
diff:
=== modified file 'src/servers/FtpServer.cc'
--- src/servers/FtpServer.cc 2017-01-01 00:14:42 +0000
+++ src/servers/FtpServer.cc 2017-02-14 10:29:52 +0000
@@ -1455,7 +1455,19 @@
// Use local IP address of the control connection as the source address
// of the active data connection, or some clients will refuse to accept.
- conn->setAddrs(clientConnection->local, cltAddr);
+ if (clientConnection->flags & COMM_TRANSPARENT) {
+ conn->setAddrs(clientConnection->local, cltAddr);
+ conn->flags |= COMM_TRANSPARENT;
+ } else {
+ // In case of NAT interception squid's local address
+ // will be used for outgoing connection.
+ conn->local.setAnyAddr();
+ conn->remote = cltAddr;
+
+ if (conn->remote.isIPv4())
+ conn->local.setIPv4();
+ }
+
// RFC 959 requires active FTP connections to originate from port 20
// but that would preclude us from supporting concurrent transfers! (XXX?)
conn->local.port(0);_______________________________________________
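Review bot: the new else branch is taken for every control connection that lacks COMM_TRANSPARENT, not only for NAT-intercepted ones, although its comment says "In case of NAT interception". Any connection without that flag that is not intercepted by NAT would also lose the previous `conn->setAddrs(clientConnection->local, cltAddr)` binding and get a wildcard source address. Consider testing for NAT interception explicitly and keeping the old setAddrs() call as the default path. The unchanged comment above the condition ("Use local IP address of the control connection as the source address ... or some clients will refuse to accept") now describes only the COMM_TRANSPARENT branch, so it should move inside that branch, and the else branch comment should say why a source address other than the control connection's is acceptable there, given the refusal that comment warns about. Since the message notes TPROXY could not be tested, the added `conn->flags |= COMM_TRANSPARENT` line should be confirmed by someone with a TPROXY setup before merge.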