Upgraded my 3.9 install to 4.0 the other day, followed the 3.9-4.0 doc and it 
was smooth as could be.  Upgraded all my packages using

pkg_add -ui -F update -F updatedepends

straight from the upgrade doc.  Only found a couple, and installed those.  
That's when the fun started.  Got an email from the firewall admin with this 
message from the firewall logs:

Nov 14 13:49:05 2006 CST  f_ftpproxy a_server t_attack p_major
pid: 1309 ruid: 0 euid: 0 pgid: 1309 fid: 0 logid: 0 cmd: 'pftp'
domain: PFTx edomain: PFTx hostname: fw.somename.net 
category: appdef_violation event: denied ftp command 
netsessid: 455a1db10002ec59 srcip: 192.168.55.125 srcport: 15910 
dst_local_port: 21 srcburb: internal protocol: 6 src_local_port: 44510 
dstip: 209.242.32.10 dstport: 21 dstburb: external 
attackip: 192.168.55.125 attackburb: internal acl_id: ftp_ext_out 
reason: Denied FTP command: EPSV.  Data is being dropped. 

So 2 questions.  First, can I shut off EPSV and use PASV instead for
pkg_add?  Doesn't look like our firewalls will support us turning on
allowing EPSV.  I looked through the man pages and didn't find anything.

Second, I vaguely remember doing some pkg_add's while still in 3.9
via scp, but I cannot find the list of servers anywhere that support it.
I know I did this and I remember seeing the list, but I cannot for the life
of me find the list anymore.  I would prefer this method over ftp as it
would be faster.  I always use the same local (to me) mirror and I know
that is where I scp'ed from in the past.

Oh and before anyone says pitch the fine firewalls we have and set up
a couple running PF and CARP, already suggested that a while back.
No dice.

Thanks in advance
