FTP over Squid-Proxy

[knick]

All,

does anyone got SS working with Squid as a proxy for FTP-Connections? I'm able to login to the desired FTP-Server but SS loops when it tries to get the filelisting....

Any ideas?

Thanks,
Michael

[Petr Solin]

Go to menu Options > Plugins Configuration > FTP Client, page Defaults, click Proxy server: Add. Enter some name (e.g. "Squid"), Choose "HTTP 1.1" in Type combobox, enter address (or IP) and port of your squid proxy server, username+password (if not used, leave them empty).

[knick]

Hi Petr,

I had no problems to configure the proxy. But it doesn't work - that's my problem

Any chance to trace the traffic using SS ?!?!?

Bye,
Michael

[Petr Solin]

It's strange because your HTTP proxy server opens control connection but probably fails when it opens data connection. Both connections are opened in the same way (data connection must be passive - PASV command in FTP log). Maybe it depends on port number (control connection is on port 21, data connection is on port returned by FTP server).

Please send me couple of lines from your FTP log:
-go to menu Plugins > FTP Client > Show Log
-copy couple of lines surrounding LIST command, something like this:

Code: Select all

PWD
257 "/pub/altap/salamand" is current directory.
(11:21:15): Listing path "/pub/altap/salamand"...
PASV
227 Entering Passive Mode (81,0,236,241,143,226).
TYPE A
200 Type set to A
LIST
150 Opening ASCII mode data connection for file list
226 Transfer complete.
(11:21:15): Text listing was parsed by "UNIX1" server type...

[knick]

Petr,

I've tried from home (similar setup here) and I figured out that Squid is configured very restrictive (default). I had to add an ACL to allow clients to use Ports > 1024 (for the data-connection).

Tomorrow I will chek if at our office this is the same problem.

I wonder why you use the CONNECT-Method and don't use the regular way like a Web-Browser does?!?!?

Thank you so far,
Michael

[knick]

Ok, it was a typo in my squid.conf file.... Sorry for the trouble

Bye & Thanks,
Michael

[Petr Solin]

I wonder why you use the CONNECT-Method and don't use the regular way like a Web-Browser does?!?!?

CONNECT is the way how to connect to FTP server using FTP protocol. Our FTP client doesn't support HTTP protocol. We plan to add support for downloading files using HTTP protocol (you will enter URL from web-browser and we will download it with support for resumes, etc.).

[Guest]

is it the same like in Totalcommandre, called "http proxy with ftp support" ?

[Petr Solin]

is it the same like in Totalcommandre, called "http proxy with ftp support" ?

No, it's same as "HTTP CONNECT".

[Phoenix.bg]

I have the similar problem, after the successfully login, Altap's FTP Directory can't be listen.

My FTP Log look this:
-----------------------------------------------------------------------------------
FTP server address: ftp.altap.cz, port: 21, user: anonymous
Proxy server name: Squid1, type: Transparent
Proxy server address: 192.168.1.1, port: 3128, user:
Connecting to "ftp.altap.cz" (81.0.236.241) on port 21.
Log UID is 12, time is 23.5.2006 г. - 18:38:35.

220 FTP server ready.
USER anonymous
331 Anonymous login ok, send your complete email address as your password.
PASS (hidden)
230-
230- Welcome from 212.95.186.121!
230- This is ftp.altap.cz FTP server.
230-
230- Current server time is Tue May 23 17:37:22 2006.
230- The number of current users is 4 (from max. 100).
230- If you have any unusual problems, please report them
230- via e-mail to root@www.altap.cz.
230-
230- Your session is logged, if you do not like this policy, disconnect now.
230-
230 Anonymous access granted, restrictions apply.
(18:38:35): Logged in successfully, getting system information...
SYST
215 UNIX Type: L8
PWD
257 "/" is current directory.
(18:38:35): Changing path to "/pub/altap/salamand"...
CWD /pub/altap/salamand
250 CWD command successful
PWD
257 "/pub/altap/salamand" is current directory.
(18:38:36): Listing path "/pub/altap/salamand"...
PASV
227 Entering Passive Mode (81,0,236,241,176,242).
TYPE A
200 Type set to A
LIST
(18:38:57): Data connection error: (10060) A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
(18:39:04): Operation canceled by user.
(18:39:04): Text listing was parsed by "UNIX1" server type...
--------------------------------------------------------------------------
If i not use proxy, the problem is away ? Strangely, isn't it ?
ScreenShot here>Here

[Petr Solin]

With Transparent proxy server type FTP Client ignores Address+Port (I'll disable these two fields in dialog in this case to make it clear). So if you do not enter User+Password for your proxy server, it should work the same way as if you set no proxy server. I think that timeout you have reported here was really timeout and not proxy error.

[Phoenix.bg]

This is true, bud when i choose "HTTP 1.1" type proxy, get error like this :
"Proxy server is not able to open connection to FTP server "ftp.altap.cz" (port 21).
Error: 403 Forbidden
Waiting 14 seconds to reconnect (attemt no. 27 of 61), press the ESC key to cancel..."
I am sure that my proxy access is completely guaranted and my settings ist OK (without username and password)

[Petr Solin]

Please test your proxy server also with some other FTP Client (e.g. FileZilla), let me know if it reports the same error. It seems that you don't have access rights to connect to internet (check your proxy server settings).

BTW, I do not understand why you try to set up FTP to use proxy server when it works without it, doesn't it?

[Phoenix.bg]

With Other FTP Client i not have none problems; Be there Screenshots of Total Comander's FTP Client>
Connection Settings and Opened FTP Directory
I apologize much for the bad english !

[Petr Solin]

With Other FTP Client i not have none problems; Be there Screenshots of Total Comander's FTP Client>
Connection Settings and Opened FTP Directory
I apologize much for the bad english !

Our FTP Client does not support "HTTP Proxy with FTP support" as known from TC - it's not FTP protocol (see TC help). Our HTTP proxy is the same as "HTTP CONNECT" in TC. We don't even plan to support "HTTP Proxy with FTP support".