From owner-freebsd-questions@FreeBSD.ORG Sun May 21 22:57:06 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0E53316A496 for ; Sun, 21 May 2006 22:57:06 +0000 (UTC) (envelope-from mikhailg@webanoide.org) Received: from cayster.site5.com (cayster.multisite.site5.com [216.118.97.189]) by mx1.FreeBSD.org (Postfix) with ESMTP id A81B043D60 for ; Sun, 21 May 2006 22:56:58 +0000 (GMT) (envelope-from mikhailg@webanoide.org) Received: from ppp110-20.lns1.hba1.internode.on.net ([150.101.110.20] helo=[192.168.0.4]) by cayster.site5.com with esmtpa (Exim 4.52) id 1Fhwr1-0006wP-Uv; Sun, 21 May 2006 18:56:56 -0400 Message-ID: <4470F033.5040702@webanoide.org> Date: Mon, 22 May 2006 08:56:51 +1000 From: Mikhail Goriachev Organization: Webanoide User-Agent: Thunderbird 1.5.0.2 (Macintosh/20060308) MIME-Version: 1.0 To: Brett Wiggins References: <220.253.45.108.1148250150@my.monash.edu.au> In-Reply-To: <220.253.45.108.1148250150@my.monash.edu.au> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Antivirus-Scanner: This message has been scanned by ClamAV. X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - cayster.site5.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - webanoide.org X-Source: X-Source-Args: X-Source-Dir: Cc: freebsd-questions@freebsd.org Subject: Re: installing ports behind IPFILTER X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 May 2006 22:57:11 -0000 Brett Wiggins wrote: > Hi everyone, > I am having some problems installing ports when I have > > IPFILTER running. I have put FTP_PASSIVE_MODE=YES in /etc/make.conf > > but the command 'make all install clean' yields; > > ===> Vulnerability check disabled, database not found > => jce-aba-1.1.tar.gz doesn't seem to exist in /usr/ports/distfiles/. > => Attempting to fetch from ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/znerd/. > fetch: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/znerd/jce-aba-1.1.tar.gz: Network is unreachable > *** Error code 1 > > This happens when I try to install ports or pakages. I have also tried > > to install with tcp/ip ports 20,21 and 22 open but to no avail. > > Could you please CC me if you can help, am not on the list due to > > this mailbox being from a University. My IPFILTER is set to block by > > default in my kernel, and I am running 6.1 RELEASE G'day, Probably this is what you're after: # Allow out gateway & LAN users non-secure FTP ( both passive & active modes) # This function uses the IPNAT built in FTP proxy function coded in # the nat rules file to make this single rule function correctly. # If you want to use the pkg_add command to install application packages # on your gateway system you need this rule. pass out quick on dc0 proto tcp from any to any port = 21 flags S keep state That one is from: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html Cheers, Mikhail. -- Mikhail Goriachev Webanoide Telephone: +61 (0)3 62252501 Mobile Phone: +61 (0)4 38255158 E-Mail: mikhailg@webanoide.org Web: http://www.webanoide.org PGP Key ID: 0x4E148A3B PGP Key Fingerprint: D96B 7C14 79A5 8824 B99D 9562 F50E 2F5D 4E14 8A3B