From owner-freebsd-questions@FreeBSD.ORG Fri Jun 24 18:36:15 2005
Message-ID: <42BC529C.90902@dial.pipex.com>
Date: Fri, 24 Jun 2005 19:36:12 +0100
From: Alex Zbyslaw
To: Sam Ip
Cc: freebsd-questions@freebsd.org
References: <60ba8a2905062411013bd79790@mail.gmail.com>
In-Reply-To: <60ba8a2905062411013bd79790@mail.gmail.com>
Subject: Re: Newbie question about ports.

Sam Ip wrote:

>I'm trying out FreeBSD for the first time for use at work. However,
>there is a corporate firewall and hence ftp traffic doesn't get
>through. I can access http sites. So if a selling point of FreeBSD is
>its ports collection
>
>1. Can you do a CVSup to update your ports via http?
>
>2. Can you install ports via http?
>
>

Cvsup does not support http, but neither does it use ftp (see man cvsup, especially the -p and -P options). It requires that a single port be openable through your firewall (default 5999). There is an alternative, which I have never used, called CTM (see handbook).

Ftp is required to fetch the source code for ports, but this happens when you try and build a port and has nothing to do with cvsup. The ftp connection used to fetch the sources will be a "passive" connection which is firewall friendly. There is no reason, beyond pure paranoia or obscene mistrust of employees, for a firewall to block passive-style ftp connections. If I were you, I would ask whoever is in charge of your corporate firewall if they do allow passive ftp, and if they don't, then ask for an explanation why not. If your FreeBSD requirement is business related, then they should be helping you get these basic services working. The firewall can easily limit ftp and cvsup connections to be from a specified IP address, and to a specified IP address. Security implications: none, since far more dangerous things can be carried in to the business on a CD.

*If* (and I have no idea about this) there is a server which has the port sources available via HTTP, then you could download them yourself either with a web browser or something like lwp-download (part of the p5-libwww-5.803 perl package, and quite possibly part of the standard perl port). Every time a port fails to fetch a package via ftp, you would have to download it by hand.

The ports collection is *one* selling point for FreeBSD (stability, documentation, and just being better than anything else :-) are some others). However, there is no way that you can expect anyone to waste their time to work around what can only be described as demented security restrictions.

You might be better off looking for a server which can supply you packages via HTTP. Packages are pre-built ports comparable to Linux RPMs. Just like Linux RPMs you get no choice about any configuration options which the port provides, and are stuck with whatever the package creator used. That's one reason why the ports are so nice. See the pkg_add manual page and the handbook section on ports and packages.

Just my 0.02,

--Alex