From: gahn
Date: Thu, 20 May 2010 07:59:33 -0700 (PDT)
To: freebsd security, freebsd general questions
Subject: ftp passive mode

Hi All:

I am behind a firewall and only pass ftp sessions are allowed. With that, most ftp sessions of portupgrade would not be able to connect to remote FreeBSD sites.

Could I reconfigure my FreeBSD 7.3 in a way so that it would only start ftp sessions in PASV mode?

Thanks.


From: Lowell Gilbert
Date: Thu, 20 May 2010 11:10:11 -0400
To: gahn
Cc: freebsd security, freebsd general questions
Subject: Re: ftp passive mode

gahn writes:

> I am behind a firewall and only pass ftp sessions are allowed. With that, most ftp sessions of portupgrade would not be able to connect to remote FreeBSD sites.
>
> Could I reconfigure my FreeBSD 7.3 in a way so that it would only start ftp sessions in PASV mode?

That should already be the default; FETCH_ARGS should be set to "-ApRr" in /etc/ports/Mk/bsd.port.mk (the 'p' option is what means "passive" mode). It certainly works for me, and has for many years.

You can test by setting FTP_PASSIVE_MODE (to anything *except* "no") in the environment.


From: "N.J. Mann"
Date: Thu, 20 May 2010 16:43:20 +0100
To: gahn
Cc: freebsd security, freebsd general questions
Subject: Re: ftp passive mode

In message <111263.90106.qm@web52308.mail.re2.yahoo.com>, gahn (ipfreak@yahoo.com) wrote:

> I am behind a firewall and only pass ftp sessions are allowed. With
> that, most ftp sessions of portupgrade would not be able to connect to
> remote FreeBSD sites.
>
> Could I reconfigure my FreeBSD 7.3 in a way so that it would only
> start ftp sessions in PASV mode?

The on-line handbook in section 4.5.2 'Installing Ports' says:

    The ports system uses fetch(1) to download the files, which honors
    various environment variables, including FTP_PASSIVE_MODE, FTP_PROXY,
    and FTP_PASSWORD.

So try setting FTP_PASSIVE_MODE in your environment. man ports and man fetch may also be worth a read.

Cheers,
Nick.
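
The replies name two controls for the data-connection mode: the 'p' flag in FETCH_ARGS and the FTP_PASSIVE_MODE environment variable. As an added example (not code from the thread or from FreeBSD), this sh script predicts which mode a fetch started from the current environment would use, so a host behind a passive-only firewall can be checked before a port build. The helper names ftp_mode and has_p_flag are hypothetical; the variable taking precedence over the flag and the list of argument-taking options are assumptions drawn from the fetch manual pages.

```sh
#!/bin/sh
# Added example, not from the thread. ftp_mode is a hypothetical helper that
# predicts the FTP data-connection mode from the two inputs the replies name:
# the FTP_PASSIVE_MODE environment variable and the flags in FETCH_ARGS.

# has_p_flag ARGS...: succeed if a getopt-style scan finds the 'p' flag.
# Assumption: B N S T c f h i o w take an argument (from fetch(1) usage);
# check the list against the man page on the host.
has_p_flag() {
    skip=0
    for word in "$@"; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case $word in
            --) return 1 ;;               # end of options
            --*) continue ;;              # long option, cannot carry 'p'
            -?*) rest=${word#-} ;;        # short-option cluster such as -ApRr
            *) continue ;;                # operand such as a URL
        esac
        while [ -n "$rest" ]; do
            c=${rest%"${rest#?}"}         # first character of the cluster
            rest=${rest#?}
            case $c in
                p) return 0 ;;
                [BNSTcfhiow]) [ -z "$rest" ] && skip=1; break ;;
            esac
        done
    done
    return 1
}

# ftp_mode ENV_IS_SET ENV_VALUE FETCH_ARGS...: print "passive" or "active".
ftp_mode() {
    env_set=$1 env_val=$2
    shift 2
    if [ -n "$env_set" ]; then
        # As stated in the thread: any value except "no" selects passive.
        if [ "$env_val" = no ]; then echo active; else echo passive; fi
    elif has_p_flag "$@"; then
        echo passive
    else
        echo active
    fi
}

# Report for this shell; FETCH_ARGS falls back to the value quoted in the thread.
# Word splitting of FETCH_ARGS is intended.
ftp_mode "${FTP_PASSIVE_MODE+set}" "${FTP_PASSIVE_MODE-}" ${FETCH_ARGS:--ApRr}
```

An "active" result on a host that only permits passive FTP means either FTP_PASSIVE_MODE is set to "no" or FETCH_ARGS has been overridden without the 'p' flag.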