I have 1 windoze client accessing a squid proxy allwing pasv ftp connections. The client 10.0.0.180 is configured like this: default gw 10.0.0.191 proxy settings in ie5: 10.0.0.191 port 3128 for all protocols.
All this worked for me in a corporate network, with Win95, NT & Win98 clients.
the ftp conneting speed is painful slow. The windoze 2k box first tries to have ftp routed over 10.0.0.191, then it realizes (due to the rejected packtes which produces icmp dest unreachables) it has to use the proxy's port 3128.
Look this is a browser bug, if you have set a proxy and it's ftp is not using the proxy. If you're using another ftp client, then AFAIK you cannot expect it to use IE's proxy settings. The name resolution should only occur once for the ftp server, but the idea that it's trying WINS and then falling back to DNS is a good one, just ignore M$ and use DNS.
Then it connects after ages of waiting to the ftp server in pasv mode. Trying to change directory on a ftp server takes up to several minutes of waiting.
You have time outs on every connection, sometimes this is because the ftp server is making an IDENT check? Perhaps you need to deny rather than reject/drop packets (forgive me if it's reject & deny/drop and I've mixed that up). In this case I think it's because the client ftp-data connections suffer same problem as the control connection.
In case I remove the default gw setting from win2k client's tcp/ip settings the ftp connecting speed is ok.
How can I tell windoze 2k or ie5 to first take a look into ie5 proxy settings and if successless try to connect via routing? Anybody got an idea?
Sounds a bad idea to me, I wonder if you have automatic settings overiding your proxy entries? The thing works without default route, because it gets 'network unreachable' instantly rather than trying to put the packets out itself. Just simplify, use a proxy, and always use it, rather than a complicated fall back strategy that is probably confusing the software. If this doesn't work, upgrade the software ie. 'doze 2K or IE5 (ideally with SuSE 7.2 and konqueror/opera/mozilla). Rob