From: Nikos Vassiliadis
To: freebsd-questions@freebsd.org
Date: Fri, 17 Mar 2006 13:10:42 +0200
Subject: Re: configuring fetch to passive mode
Message-Id: <200603171310.42917.nvass@teledomenet.gr>
In-Reply-To: <441A9250.10103@locolomo.org>

On Friday 17 March 2006 12:41, Erik Norgaard wrote:
> Hi:
>
> This ought to be a configuration tunable, but I can't find any
> documentation on it: How do I force fetch to use passive mode?
>
> When I try "make fetch" of some port I get:
>
> => Attempting to fetch from \
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/.
> fetch: \
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/file: \
> Operation not permitted
>
> It fails quickly, no sign of things timing out.
>
> In my firewall (pf), I have
>
> block in quick on $ext_if all

You block everything that comes in from your external interface.
The "quick" keyword means that the search ends there. So no
incoming traffic passes...

HTH, Nikos

> pass out quick on $ext_if proto tcp all flags S/SA keep state
> pass out quick on $ext_if proto udp all keep state
> pass out quick on $ext_if proto icmp all keep state
>
> which basically blocks ftp active, but should allow ftp passive. If I
> flush the rules fetch works fine, so it must be an issue of fetch trying
> active mode.
>
> Setting FTP_PASSIVE_MODE=YES as environment variable or in make.conf
> doesn't change a thing.
>
> Thanks, Erik
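
A simplified model of how pf evaluates the ruleset quoted in this thread, added here as an illustration and not part of the original message: a packet that matches an existing state entry passes without rule evaluation, otherwise the last matching rule wins unless a rule marked `quick` ends the search. The addresses and ports are constructed sample values, and the model ignores interfaces, state timeouts and TCP sequence tracking.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "action direction quick proto syn_only keep_state")
Packet = namedtuple("Packet", "direction proto src sport dst dport flags")

# The ruleset quoted in the thread; every rule is on $ext_if.
RULES = [
    Rule("block", "in", True, None, False, False),   # block in quick ... all
    Rule("pass", "out", True, "tcp", True, True),    # proto tcp flags S/SA keep state
    Rule("pass", "out", True, "udp", False, True),   # proto udp keep state
    Rule("pass", "out", True, "icmp", False, True),  # proto icmp keep state
]

def conn_key(p):
    # Direction-independent key, so replies match the state of the first packet.
    return (p.proto, frozenset([(p.src, p.sport), (p.dst, p.dport)]))

def matches(rule, p):
    if rule.direction != p.direction or rule.proto not in (None, p.proto):
        return False
    # flags S/SA: of SYN and ACK, only SYN is set.
    return not rule.syn_only or ("S" in p.flags and "A" not in p.flags)

def filter_packet(p, states, rules=RULES):
    if conn_key(p) in states:            # state lookup comes before the ruleset
        return "pass (state)"
    chosen = None
    for rule in rules:
        if matches(rule, p):
            chosen = rule                # last matching rule wins ...
            if rule.quick:
                break                    # ... unless it is marked quick
    if chosen is None:
        return "pass"                    # pf's implicit default is pass
    if chosen.action == "pass" and chosen.keep_state:
        states.add(conn_key(p))
    return chosen.action

def ftp_session():
    # Constructed sample packets: client 192.0.2.10, server 198.51.100.5.
    c, s = "192.0.2.10", "198.51.100.5"
    packets = [
        Packet("out", "tcp", c, 40000, s, 21, "S"),     # control connection SYN
        Packet("in", "tcp", s, 21, c, 40000, "SA"),     # server's SYN+ACK reply
        Packet("out", "tcp", c, 40001, s, 50000, "S"),  # passive data: client connects
        Packet("in", "tcp", s, 20, c, 40002, "S"),      # active data: server connects
    ]
    states = set()
    return [filter_packet(p, states) for p in packets]
```
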