Date: Fri, 7 Mar 2014 22:55:37 +0100
From: "O. Hartmann" <ohartman@zedat.fu-berlin.de>
To: Allan Jude <freebsd@allanjude.com>
Cc: freebsd-current@freebsd.org
Subject: Re: ipfw: fetch doesn't reach ftp://fttp.sites.foo
Message-ID: <20140307225537.3c672d34.ohartman@zedat.fu-berlin.de>
In-Reply-To: <531A2D23.30907@allanjude.com>
References: <20140307195719.654653c9.ohartman@zedat.fu-berlin.de> <531A2D23.30907@allanjude.com>

On Fri, 07 Mar 2014 15:33:39 -0500
Allan Jude <freebsd@allanjude.com> wrote:

> On 2014-03-07 13:57, O. Hartmann wrote:
> >
> > Recently I switched from pf to ipfw on some CURRENT boxes and for convenience I used
> > the "workstation" predefinition of FreeBSD. But with that change, all access of ports
> > via fetch located at ftp-sites stopped passing the filter.
> >
> > Even switching to "open" doesn't help and this is confusing me.
> >
> > The CURRENT box in question is passing its traffic within a LAN through a gateway
> > running also FreeBSD CURRENT, but with pf. The gateway is performing NAT. As long as
> > the failing client behind the gateway system is using pf as the filter, the traffic
> > for ftp seems to pass through. On the gateway with pf as the default filter, the
> > ports fetching via ftp-site their sources perform without problems.
> >
> > What is up with IPFW?
> >
> > Is there a solution? I tried to search google for "freebsd ipfw ftp" but I didn't find
> > anything suitable targeting my problem or any problem of that kind.
> >
> >
> > Thanks in advance,
> >
> > Oliver
> >
>
> What error does fetch give? Is it having problems with DNS, connection
> to the FTP site, or just making the FTP DATA connection? Have you tried
> with 'passive' mode on/off?
>

The box doesn't have problems contacting any DNS.

Fetch gives the shown "errors" or simple timeouts. Either manually or via portmaster to
update ports like the one shown below. The very same port has no problems on the system
having pf instead of ipfw.

I will switch back to pf on the box in question to check whether the choice of firewall
really makes the difference.

This is what I get when setting passive mode (it doesn't change anything from "active" mode):

root@thor: [pciids] setenv FTP_PASSIVE_MODE YES
root@thor: [pciids] make fetch
===> License BSD3CLAUSE GPLv2 GPLv3 accepted by the user
===> pciids-20140301 depends on file: /usr/local/sbin/pkg - found
=> pciids-20140301.tar.xz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch http://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/sunpoet/pciids-20140301.tar.xz
fetch: http://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/sunpoet/pciids-20140301.tar.xz: Not Found
=> Attempting to fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/sunpoet/pciids-20140301.tar.xz
fetch: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/sunpoet/pciids-20140301.tar.xz: No route to host
=> Attempting to fetch ftp://ftp.se.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/sunpoet/pciids-20140301.tar.xz
fetch: ftp://ftp.se.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/sunpoet/pciids-20140301.tar.xz: No route to host
=> Attempting to fetch ftp://ftp.uk.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/sunpoet/pciids-20140301.tar.xz
fetch: ftp://ftp.uk.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/sunpoet/pciids-20140301.tar.xz: No route to host
=> Attempting to fetch ftp://ftp.ru.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/sunpoet/pciids-20140301.tar.xz
fetch: transfer timed out