From owner-freebsd-questions@FreeBSD.ORG Mon Jun 13 11:37:13 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DB3FA106564A for ; Mon, 13 Jun 2011 11:37:13 +0000 (UTC) (envelope-from dave@g8kbv.demon.co.uk) Received: from lon1-post-2.mail.demon.net (lon1-post-2.mail.demon.net [195.173.77.149]) by mx1.freebsd.org (Postfix) with ESMTP id A171E8FC13 for ; Mon, 13 Jun 2011 11:37:13 +0000 (UTC) Received: from dyn-62-56-116-117.dslaccess.co.uk ([62.56.116.117] helo=[192.168.42.12]) by lon1-post-2.mail.demon.net with esmtpa (AUTH g8kbv) (Exim 4.69) id 1QW5SC-0007bb-Zp for freebsd-questions@freebsd.org; Mon, 13 Jun 2011 11:37:12 +0000 From: "Dave" To: freebsd-questions@freebsd.org Date: Mon, 13 Jun 2011 12:37:02 +0100 MIME-Version: 1.0 Message-ID: <4DF5F65E.4944.2D034AE4@dave.g8kbv.demon.co.uk> Priority: normal In-reply-to: <864559.78569.qm@web36503.mail.mud.yahoo.com> References: , , <864559.78569.qm@web36503.mail.mud.yahoo.com> X-mailer: Pegasus Mail for Windows (4.61) Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: Quoted-printable Content-description: Mail message body Subject: Re: ftp installation X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jun 2011 11:37:13 -0000 On 12 Jun 2011 at 4:32, Bill Tillman wrote: > > ________________________________ > From: Daniel Feenberg > Subject: Re: ftp installation > > > On Sat, 11 Jun 2011, Robert Simmons wrote: > > > On Sat, Jun 11, 2011 at 6:52 PM, Daniel Feenberg > > wrote: > >> > >> I have tried many of the ftp sites enumerated in sysinstall, with > >> both 7.4-RELEASE and 8.2-RELEASE, and in all cases the installation > >> proceeds for a few seconds and then hangs, with the last message on > >> the console always being: > >> > >> =A0DEBUG: Generating /etc/fstab file. > >> > ... > >> > >> Is there something off about the sysinstall ftp dialog? I don't see > >> a way to monitor what is happening. > > > > Your firewall may be interfering with the connection.=A0 You may want > > to read the handbook section on FTP installs (the grey box at the > > bottom of the page): > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-me > > dia.html > > > > Well, our router has never interfered with ftp transfers done from the > command line, but switching to the firewall-friendly mode in > sysinstall does fix the problem. > > Thank you > Daniel Feenberg > NBER > > > If I recall correctly I had to open up my firewall completely to get > the ftp installations to work. I use a FreeBSD diskless router running > IPFW+NATD and the log files are set to max out at 5 so I can't see > which port is trying to be used which gets blocked. So just for the 10 > minutes or so to do an FTP install I just open the firewall wide and > allow any to any. Once the install is complete I close the firewall > again. > > That's why "Passive" (or PASV) mode is included in FTP. It only ever makes outgoing connections from a client. 99.9% of all routers/firewalls will honour that mode with no probems, unless it's been specifically blocked by an admin type somewhere. In the F'BSD install/update settings/dialogs etc, always select the option to use FTP from behind a firewall or router, or "Firewall Friendly" mode. That will invoke Passive mode transfers. It's the one thing I can do reliably with FreeBSD, no need to mess with router/firewall permissions etc. That only needs doing if you want to run a server that is reachable from outside your LAN. That in turn, opens a whole oil drum load (i.e. a big can of worms!) of potential security issues.... Take care. DaveB PS: Worth looking at, for a good, if lenghty explanation. http://slacksite.com/other/ftp.html