pkg_add blocked by IPFirewall

2005-12-12 Thread Jose Borquez
I am attempting to install cvsup using pkg_add -r but I keep getting the 
following error:


Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/Latest/cvsup-without-gui.tbz: No route to host
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/Latest/cvsup-without-gui.tbz' by URL


I know that it is being blocked by my firewall.  What are the tcp and 
udp ports that I need to open up for pkg_add to get the package?


Thank you in advance.
Jose

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: pkg_add blocked by IPFirewall

2005-12-12 Thread Glenn Dawson

At 09:40 PM 12/12/2005, Jose Borquez wrote:
> I am attempting to install cvsup using pkg_add -r but I keep getting
> the following error:
>
> Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/Latest/cvsup-without-gui.tbz: No route to host
> pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/Latest/cvsup-without-gui.tbz' by URL
>
> I know that it is being blocked by my firewall.  What are the tcp
> and udp ports that I need to open up for pkg_add to get the package?


The control connection for ftp is tcp on port 21.  As long as you 
have FTP_PASSIVE_MODE=YES in your environment, that's all you should need.


However, the message no route to host suggests you have a routing problem.

-Glenn



> Thank you in advance.
> Jose



Re: pkg_add blocked by IPFirewall

2005-12-12 Thread Matthew Seaman

Jose Borquez wrote:

> I am attempting to install cvsup using pkg_add -r but I keep getting
> the following error:
>
> Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/Latest/cvsup-without-gui.tbz: No route to host
> pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/Latest/cvsup-without-gui.tbz' by URL
>
> I know that it is being blocked by my firewall.  What are the tcp and
> udp ports that I need to open up for pkg_add to get the package?


You will need to:

 a) set FTP_PASSIVE_MODE=yes in your environment.  It should be set by 
default.


 b) Configure your firewall to allow stateful outgoing tcp connections
to any IP port 21 and also to any port in the 'high ports' range.
On FreeBSD by default that's 49152-65535.  Other OSes differ.  The
'high ports' range is configurable by modifying the
net.inet.ip.portrange.hifirst and net.inet.ip.portrange.hilast sysctls.

That should let you use PASV or EPSV-style passive mode FTP through
your firewall.  It's not possible to effectively firewall active mode
FTP clients (let alone FTP servers) satisfactorily without using an FTP
proxy on your firewall, such as ftp-proxy(8). For a personal machine just
allowing passive mode FTP will be sufficient.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
 Kent, CT11 9PW
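
Added example, not part of the message above and not FreeBSD project code: one way to express the stateful outgoing rules described in (b) as ipfw commands, with a check of whether the data port a server announces in its PASV (227) or EPSV (229) reply falls inside the permitted range. The rule numbers, function names and sample replies are assumptions constructed for illustration; the port range is the FreeBSD default quoted in the message.

```shell
#!/bin/sh
# Added example. Rule numbers and function names are assumptions; the port
# range is the FreeBSD default 'high ports' range quoted in the thread.
HIFIRST=49152
HILAST=65535

# Print the ipfw commands for a passive-mode FTP client (review before applying
# as root). check-state matches packets against rules created by keep-state.
passive_ftp_rules() {
    cat <<EOF
ipfw add 1000 check-state
ipfw add 1100 allow tcp from me to any 21 out setup keep-state
ipfw add 1110 allow tcp from me to any ${HIFIRST}-${HILAST} out setup keep-state
EOF
}

# Print the data port announced in a 227 (PASV) or 229 (EPSV) reply line.
data_port() {
    case "$1" in
        227*)   # 227 ... (h1,h2,h3,h4,p1,p2)  ->  port = p1*256 + p2
            nums=$(printf '%s\n' "$1" | sed -n 's/.*(\([0-9,]*\)).*/\1/p')
            p1=$(printf '%s\n' "$nums" | cut -s -d, -f5)
            p2=$(printf '%s\n' "$nums" | cut -s -d, -f6)
            [ -n "$p1" ] && [ -n "$p2" ] || return 1
            echo $((p1 * 256 + p2)) ;;
        229*)   # 229 ... (|||port|)
            port=$(printf '%s\n' "$1" | sed -n 's/.*(|||\([0-9]*\)|).*/\1/p')
            [ -n "$port" ] || return 1
            echo "$port" ;;
        *)  return 1 ;;
    esac
}

# Succeed if the announced data port falls inside the range rule 1110 allows.
data_port_allowed() {
    port=$(data_port "$1") || return 1
    [ "$port" -ge "$HIFIRST" ] && [ "$port" -le "$HILAST" ]
}

# Constructed sample replies (192.0.2.10 is a documentation address).
passive_ftp_rules
for reply in '227 Entering Passive Mode (192,0,2,10,195,80)' \
             '229 Entering Extended Passive Mode (|||61234|)' \
             '227 Entering Passive Mode (192,0,2,10,4,1)'; do
    if data_port_allowed "$reply"; then verdict=allowed; else verdict=blocked; fi
    echo "data port $(data_port "$reply"): $verdict"
done
```

The third sample reply announces port 1025, which these rules do not cover; that is the "Other OSes differ" case, where the range in rule 1110 has to match what the server actually uses.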


Re: pkg_add blocked by IPFirewall

2005-12-12 Thread Jose Borquez

Matthew Seaman wrote:


> Jose Borquez wrote:
>
> > I am attempting to install cvsup using pkg_add -r but I keep getting
> > the following error:
> >
> > Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/Latest/cvsup-without-gui.tbz: No route to host
> > pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/Latest/cvsup-without-gui.tbz' by URL
> >
> > I know that it is being blocked by my firewall.  What are the tcp and
> > udp ports that I need to open up for pkg_add to get the package?
>
> You will need to:
>
>  a) set FTP_PASSIVE_MODE=yes in your environment.  It should be set by
> default.
>
>  b) Configure your firewall to allow stateful outgoing tcp connections
> to any IP port 21 and also to any port in the 'high ports' range.
> On FreeBSD by default that's 49152-65535.  Other OSes differ.  The
> 'high ports' range is configurable by modifying the
> net.inet.ip.portrange.hifirst and net.inet.ip.portrange.hilast
> sysctls.
>
> That should let you use PASV or EPSV-style passive mode FTP through
> your firewall.  It's not possible to effectively firewall active mode
> FTP clients (let alone FTP servers) satisfactorily without using an FTP
> proxy on your firewall, such as ftp-proxy(8). For a personal machine just
> allowing passive mode FTP will be sufficient.
>
> Cheers,
>
> Matthew


That was very helpful.  It worked!  Thank you.
Jose
