Message-ID: <4379CAFE.4070507@daleco.biz>
Date: Tue, 15 Nov 2005 05:48:14 -0600
From: Kevin Kinsey
To: "Robert H. Perry"
Cc: freebsd-questions@freebsd.org
Subject: Re: Inconsistency Running IPF Against FTPs
References: <43797093.5010206@gti.net>
In-Reply-To: <43797093.5010206@gti.net>

Robert H. Perry wrote:

> I'm running FreeBSD RELEASE 5.4 and recently installed IPF Firewall.
> I rarely download files using FTP but have little choice using
> portupgrade.
> Now, during an upgrade, I often see the error message, "No route to
> host..." while connecting with an FTP site. If I disable the IPF/IPNAT
> rules the problem no longer exists.
>
> I've followed installation instructions in the Handbook paying particular
> attention to the section on IPNAT rules. (I do not claim to entirely
> understand what I read however.) My immediate question however is how
> current are the instructions? There is a caveat immediately following
> the IPF Firewall Section title: "This section is work in progress. The
> contents might not be accurate at all times." If it is accurate and
> should resolve my FTP problems, I'll simply re-read it until I get it
> right.
>
> Any other hints are also appreciated.

This would probably fall under your "other hints" category.

Your firewall should be allowing extant connections to continue --- IOW, showing stateful behavior. Some FTP data connections use high-numbered ports, and it sounds as if these are being blocked by your firewall. YMMV.

Note that setting FTP_PASSIVE_MODE in your environment might be worth a shot.

I am sorry that I'm not an IPF user and can't give more detailed help. Good luck with your issue.

Kevin Kinsey
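
Added example, not part of the original message: a simplified Python model of the stateful behavior and high-numbered FTP data ports mentioned in the reply, showing which data connections get through a filter that keeps state only on outbound connections. The addresses, ports, rule sets and PASV reply are constructed, and the filter is a toy model, not IPF's rule engine.

```python
import re

# Constructed sample: server reply to PASV; data port = 217*256 + 3 = 55555.
PASV_REPLY = "227 Entering Passive Mode (203,0,113,10,217,3)"
CLIENT, SERVER = "192.0.2.5", "203.0.113.10"  # documentation addresses (assumed)
# Hypothetical rule sets: destination ports that new outbound connections may use.
RULESETS = {
    "control_only": lambda port: port == 21,
    "control_and_high": lambda port: port == 21 or port > 1024,
}

def parse_pasv(reply):
    """Return (ip, port) from a 227 reply of the form (h1,h2,h3,h4,p1,p2)."""
    m = re.match(r"227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a PASV reply: %r" % reply)
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError("field out of range in %r" % reply)
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]

class StatefulFilter:
    """Toy filter: new outbound connections pass if the destination port is
    allowed and are remembered; new inbound ones pass only if they match state."""
    def __init__(self, allow_out):
        self.allow_out, self.state = allow_out, set()

    def outbound(self, src, sport, dst, dport):
        if not self.allow_out(dport):
            return False
        self.state.add((src, sport, dst, dport))
        return True

    def inbound(self, src, sport, dst, dport):
        return (dst, dport, src, sport) in self.state

def data_channel_passes(ruleset, mode):
    fw = StatefulFilter(RULESETS[ruleset])
    if not fw.outbound(CLIENT, 50000, SERVER, 21):   # control connection
        return False
    if mode == "passive":                            # client dials the server
        ip, port = parse_pasv(PASV_REPLY)
        return fw.outbound(CLIENT, 50001, ip, port)
    # active: server dials back from port 20 to a port the client announced
    return fw.inbound(SERVER, 20, CLIENT, 50002)

if __name__ == "__main__":
    for name in RULESETS:
        for mode in ("active", "passive"):
            print(name, mode, data_channel_passes(name, mode))
```

In this model the data channel gets through only in passive mode with outbound state allowed on high ports; the active-mode connection is a new inbound connection that matches no remembered state.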