On 26/06/2012 8:17 p.m., Jasper Van Der Westhuizen wrote:
> Hi
> I'm trying to force all FTP connections direct. I have a parent cache and at
> the moment FTP connections via a browser work fine and are sent directly, but my
> problem is that when using a client like FileZilla it sends the connection to
> the parent cache and not directly.
> I have enabled the following settings:
> acl FTP proto FTP
> always_direct allow FTP
> acl Safe_ports port 21
> http_access allow CONNECT Safe_ports
> Is there anything I missed?
The small detail that Passive FTP uses random port numbers for data
connections. When tunneling through CONNECT the client is required to
only contact FTP sites with Passive FTP enabled and listening for client
connections (there is no listening port on the proxy to receive port-20
connections from the WAN). The private one-use data port number is sent
encoded across the port 21 connection.
For safety FTP connections need to go over FTP ports through the
firewall which can perform the right checks and enable the required
two-way FTP channels.
Amos
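
How the data port travels over the port-21 control connection, as an added example that is not part of the original message: it decodes the passive-mode replies defined in RFC 959 (PASV) and RFC 2428 (EPSV) and checks the announced port against a port list. The function names, sample replies and addresses are constructed for illustration.

```python
import re

# RFC 959 PASV reply: "227 ... (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428 EPSV reply: "229 ... (|||port|)", delimiter is usually "|"
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(reply, control_host):
    """Return (host, port) announced by a PASV/EPSV reply, or None."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("octet out of range in PASV reply")
        host = ".".join(str(n) for n in nums[:4])
        # The port is split into two bytes: high byte first, then low byte.
        return host, nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("port out of range in EPSV reply")
        # EPSV carries no address; the data connection goes to the control host.
        return control_host, port
    return None


def port_allowed(port, allowed):
    """allowed: single ports or (low, high) ranges, like an ACL port list."""
    for entry in allowed:
        low, high = entry if isinstance(entry, tuple) else (entry, entry)
        if low <= port <= high:
            return True
    return False


# Constructed sample replies (documentation addresses, not captured traffic).
SAMPLES = [
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "229 Entering Extended Passive Mode (|||50123|)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        host, port = data_endpoint(line, "192.0.2.10")
        print(f"{line!r} -> data connection to {host}:{port}; "
              f"covered by a port-21-only list: {port_allowed(port, [21])}")
```

Both sample replies announce a high, per-transfer port, so a list that names only port 21 covers the control connection and not the data connection that follows it.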