Date:      Fri, 07 Mar 2014 17:51:11 -0500
From:      Allan Jude <freebsd@allanjude.com>
To:        "O. Hartmann" <ohartman@zedat.fu-berlin.de>
Cc:        freebsd-current@freebsd.org
Subject:   Re: ipfw: fetch doesn't reach ftp://fttp.sites.foo
Message-ID:  <531A4D5F.9080401@allanjude.com>
In-Reply-To: <20140307225537.3c672d34.ohartman@zedat.fu-berlin.de>
References:  <20140307195719.654653c9.ohartman@zedat.fu-berlin.de>	<531A2D23.30907@allanjude.com> <20140307225537.3c672d34.ohartman@zedat.fu-berlin.de>


On 2014-03-07 16:55, O. Hartmann wrote:
> On Fri, 07 Mar 2014 15:33:39 -0500
> Allan Jude <freebsd@allanjude.com> wrote:
>
>> On 2014-03-07 13:57, O. Hartmann wrote:
>>>
>>> Recently I switched from pf to ipfw on some CURRENT boxes and for convenience I used
>>> the "workstation" predefinition of FreeBSD. But with that change, all access of ports
>>> via fetch located at ftp-sites stopped passing the filter.
>>>
>>> Even switching to "open" doesn't help and this is confusing me.
>>>
>>> The CURRENT box in question is passing its traffic within a LAN through a gateway
>>> running also FreeBSD CURRENT, but with pf. The gateway is performing NAT. As long as
>>> the failing client behind the gateway system is using pf as the filter, the traffic
>>> for ftp seems to pass through. On the gateway with pf as the default filter, the
>>> ports fetching via ftp-site their sources perform without problems.
>>>
>>> What is up with IPFW?
>>>
>>> Is there a solution? I tried to search google for "freebsd ipfw ftp" but I didn't find
>>> anything suitable targeting my problem or any problem of that kind.
>>>
>>>
>>> Thanks in advance,
>>>
>>> Oliver
>>>
>>
>> What error does fetch give? Is it having problems with DNS, connection
>> to the FTP site, or just making the FTP DATA connection? Have you tried
>> with 'passive' mode on/off?
>>
> The box doesn't have problems contacting any DNS.
>
> Fetch gives the shown "errors" or simple timeouts.  Either manually or via portmaster to
> update ports like the one shown below.
>
> The very same port has no problems on the system having pf instead of ipfw.
>
> I will switch back to pf on the box in question to check whether the choice of firewall
> really makes the difference.
>
> This is what I get when setting passive mode (it doesn't change anything from "active"
> mode):
>=20
> root@thor: [pciids] setenv FTP_PASSIVE_MODE YES
>
> root@thor: [pciids] make fetch
> ===>  License BSD3CLAUSE GPLv2 GPLv3 accepted by the user
> ===>   pciids-20140301 depends on file: /usr/local/sbin/pkg - found
> => pciids-20140301.tar.xz doesn't seem to exist in /usr/ports/distfiles/.
> => Attempting to fetch
> http://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/sunpoet/pciids-20140301.tar.xz
> fetch:
> http://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/sunpoet/pciids-20140301.tar.xz:
> Not Found => Attempting to fetch
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/sunpoet/pciids-20140301.tar.xz
> fetch:
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/sunpoet/pciids-20140301.tar.xz:
> No route to host => Attempting to fetch
> ftp://ftp.se.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/sunpoet/pciids-20140301.tar.xz
> fetch:
> ftp://ftp.se.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/sunpoet/pciids-20140301.tar.xz:
> No route to host => Attempting to fetch
> ftp://ftp.uk.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/sunpoet/pciids-20140301.tar.xz
> fetch:
> ftp://ftp.uk.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/sunpoet/pciids-20140301.tar.xz:
> No route to host => Attempting to fetch
> ftp://ftp.ru.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/sunpoet/pciids-20140301.tar.xz
> fetch: transfer timed out
>

'no route to host' suggests it might be trying to do ipv6

-- 
Allan Jude

