From owner-freebsd-security Sat Apr 1 10:53:53 2000 Delivered-To: freebsd-security@freebsd.org Received: from toaster.sun4c.net (toaster.sun4c.net [63.193.27.6]) by hub.freebsd.org (Postfix) with ESMTP id 927FB37B993 for ; Sat, 1 Apr 2000 10:53:48 -0800 (PST) (envelope-from andre@toaster.sun4c.net) Received: (from andre@localhost) by toaster.sun4c.net (8.9.3+openldap/8.9.3) id LAA00668; Sat, 1 Apr 2000 11:01:44 -0800 (PST) Date: Sat, 1 Apr 2000 11:01:44 -0800 From: Andre Gironda To: Nate Williams Cc: Jim Durham , freebsd-security@FreeBSD.ORG Subject: Re: FTP with firewall rules Message-ID: <20000401110144.A319@toaster.sun4c.net> References: <38E159DF.3D7E5DF6@w2xo.pgh.pa.us> <200004011825.LAA04705@nomad.yogotech.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95i In-Reply-To: <200004011825.LAA04705@nomad.yogotech.com>; from Nate Williams on Sat, Apr 01, 2000 at 11:25:55AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org export/setenv http_proxy! of course, you have to find all of the distfiles manually, since only about 4% of them have an http site to download the source from. it works though, but i doubt it's what you are looking for. i had to do this behind a firewall/proxy architecture that did not allow ftp. why not try fwtk or socks5 or something else? i do kind of agree though. I like the options in freebsd to install via http_proxy, but i don't think there's an option for ftp_proxy. it all works really well, it just doesn't flow. i guess better integration between ftp and sysinstall and ports would be nice. also, all these different security models for downloading are interesting.. but what really are the differences? i guess it's just better to support everything than have only one simple way of getting freebsd, freebsd source, and/or ports. dre On Sat, Apr 01, 2000 at 11:25:55AM -0700, Nate Williams wrote: > > I'm looking for some input on how to set up > > FTP through an IPFW firewall so that you don't > > have to run passive mode. > > > > Passive mode makes things like building ports difficult. > > Why? I've got it setup that way (been that way for a couple of years), > and things work fine. However, I do things a bit 'non-standard', and go > hack the sources to both ftp and fetch to make passive mode the > default on my boxes. :) > > Nate > -- This program has been brought to you by the language C and the number F. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message