Date: Mon, 27 Mar 2017 14:48:12 -0400 From: "James B. Byrne" <byrnejb@harte-lyne.ca> To: freebsd-questions@freebsd.org Subject: Reconfigure ezjail to use https Message-ID: <f4d71957731c8f5ed9110ec6705f4f99.squirrel@webmail.harte-lyne.ca>
next in thread | raw e-mail | index | archive | help
I am having a problem with ezjail's choice of ftp as its default mechanism for obtaining FreeBSD install and update data. Specifically with our pf firewall blocking it. I have attempted to get the ftp-proxy solution working but, as usual, the documentation ceases to be helpful before a working solution is arrived at. pass out proto tcp from $proxy to any port ftp where $proxy expands to the address the proxy daemon is bound to. The difficulty being that the example previously has shown this: nat-anchor "ftp-proxy/*" rdr pass on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021 with nary a mention of $proxy. It would have been a LOT clearer had the example done something like this instead (if indeed this is what is meant): proxy = 127.0.0.1 nat-anchor "ftp-proxy/*" rdr pass on $int_if proto tcp from any to any port ftp -> $proxy port 8021 Which would at least have been consistent. However, I cannot get this to work either. In any case ftp is no what I would prefer to use. However, the documentation respecting changing /usr/local/etc/ezjail.conf so that the protocol used is likewise either misleading or wrong. If I do this: ezjail-admin install -h https://download.freebsd.org/ftp/releases/amd64/11.0-RELEASE Then I see this: Could not fetch base from https://download.freebsd.org/ftp/releases/amd64/11.0-RELEASE. Maybe your release (11.0-RELEASE) is specified incorrectly or the host download.freebsd.org/ftp/releases/amd64/11.0-RELEASE does not provide that release build. Use the -r option to specify an existing release or the -h option to specify an alternative ftp server. However, if I do this: wget https://download.freebsd.org/ftp/releases/amd64/11.0-RELEASE/base.txz Then I see this: --2017-03-27 14:46:01-- https://download.freebsd.org/ftp/releases/amd64/11.0-RELEASE/base.txz Resolving download.freebsd.org (download.freebsd.org)... 96.47.72.72, 2610:1c1:1:606c::15:0 Connecting to download.freebsd.org (download.freebsd.org)|96.47.72.72|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 96364744 (92M) [application/octet-stream] Saving to: 'base.txz' Clearly https://download.freebsd.org/ftp/releases/amd64/11.0-RELEASE is a valid protocol, host and path. Why then does ezjail not use it? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f4d71957731c8f5ed9110ec6705f4f99.squirrel>