To: "Nigel Sale" <[EMAIL PROTECTED]> Copies to: [email protected] Subject: Re: Firewalls From: Daniel Pittman <[EMAIL PROTECTED]> Organization: Here, there and everywhere... Date sent: 15 Mar 2000 19:34:46 +1100
> On Wed, 15 Mar 2000, Nigel Sale <[EMAIL PROTECTED]> wrote: > > [...] > > > However, when at work i sit behind a socks5 based proxy firewall, > > which kind of screws things up. > > > > Does anybody have experience of this ? > > Sure. I live behind one at work and at home. Works good. :) > > > I have just started playing with dante-client, which is supposed to > > allow you to 'socksify' applications, and it worked to a point with > > ftp in that i managed to connect to an external site, but got errors > > when i actually tried to ls or get, (cd worked fine). > > Sure. The real issue is the design of the FTP protocol. It tries to open > a connection from the FTP server (outside the firewall) to your machine > (inside it) and this fails. > > The SOCKS protocol only supports outbound connections (from your machine > to something else). > > If you use the command 'pftp' rather than 'ftp', you will be able to do > FTP things - this is just the standard ftp client with the default of > passive mode rather than active mode. > > Passive mode, incidentally, is different from active mode (the standard > one) in that the client machine (you) creates all the connections, > rather than the server creating any of them. > Thanks, pftp works fine. > [...] > > > But my ultimate reason for doing this is that i want to be able to use > > apt-get from behind this firewall....so i need to socksify apt-get, > > has anybody done this ? > > Er. I had real problems with apt-get and dante working together. Then I > went to unstable and simply used my web proxy to do it all, which is > good. Can you elaborate on this last bit, how do you use apt-get from behind your firewall ? > > You will need to look at the configuration for apt and see if it > supports passive FTP at all. If it does, you can use it with SOCKS (all > other things being equal). If you can't get it to use that, no luck, I > am afraid. > > Good luck, and let me know if you are still having trouble. > > Daniel > > -- > An idea that is not dangerous is unworthy to be called an idea at all. > -- Elbert Hubbard -- Nigel Sale Senior Systems Engineer Martin-Baker Aircraft Co. Ltd.
