Re: Fwd: IPF (ftp - pkg_add) help requested
On Fri, Mar 02, 2007 at 09:12:31AM -0500, Don Munyak wrote:
> How do I set|view env for root?..., specifically FTP_PASSIVE_MODE=YES

See su(1), specifically the -l option. See the man page for whatever shell you run as root.

> OT... Kelley, btw...Baxter is cool :) I had a Pekingese once. For Halloween, I shaved off all her hair except for a 2 mohawk head-2-tail. I'll have to find the picture to send you some day.

Yeah, he's a good pup, my daughter dressed him up for the superbowl. I bet your peek wasn't real happy with you. g

--
Kelly D. Grills [EMAIL PROTECTED]
Re: Fwd: IPF (ftp - pkg_add) help requested
On 3/1/07, Kelly D. Grills [EMAIL PROTECTED] wrote:
> On Thu, Mar 01, 2007 at 04:10:11PM -0500, Don Munyak wrote:
>
> As I hinted at in my original response, If you'd rather keep your firewall rules tighter, pkg_add(1) says:
>
>     Note: If you wish to use passive mode ftp in such transfers, set the variable FTP_PASSIVE_MODE to some value in your environment.

ahh... now I see what you're saying.

I have my server set up to disallow root login from console. I login as user, then su to root. When I run # printenv |sort, this displays the env variable for me, not root.

How do I set|view env for root?..., specifically FTP_PASSIVE_MODE=YES

--
OT... Kelley, btw...Baxter is cool :) I had a Pekingese once. For Halloween, I shaved off all her hair except for a 2 mohawk head-2-tail. I'll have to find the picture to send you some day.

Thanks.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
IPF (ftp - pkg_add) help requested
I am building a FreeBSD box to function as a FAMP server (LAMP) and hopefully replace our existing mail server. I am having an issue with IPF that I can't seem to figure out.

*** When IPF is enabled, I can't run # pkg_add -r package name.

{...snip from local console..}
p0069# pkg_add -rv bash
looking up ftp.freebsd.org
connecting to ftp.freebsd.org:21
setting passive mode
opening data connection
Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.1-release/Latest/bash.tbz: Network is unreachable
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.1-release/Latest/bash.tbz' by URL
pkg_add: 1 package addition(s) failed
{...end-snip..}

*** When I disable ipf -D, all works fine.

IPF was compiled in the kernel when I did a buildworld.

p0069# uname -a
FreeBSD p0069.bm.local 6.1-RELEASE-p12 FreeBSD 6.1-RELEASE-p12 #0: Thu Feb 8 13:55:26 EST 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/WEBSERVER i386
p0069#

When I issue ipfstat -ho, after pkg_add -r, the following lines increment
- pass out quick on em0 proto tcp from any to any port = 21 flags S keep state
- pass out quick on em0 proto udp from any to any port = 53 keep state
- block out log first quick on em0 all

# --
# /etc/ipf.rules
# logged to /var/log/firewall.log
# 02/28/2007
# --

# --
# EGRESS filtering
# --

# No restriction on Loopback Adapter
pass in quick on lo0 all
pass out quick on lo0 all

# DHCP Bootp
# pass out quick on em0 proto udp from any to any port = 67 keep state
# pass out quick on em0 proto udp from any to any port = 68 keep state

# ICMP
pass out quick on em0 proto icmp from any to any keep state

# Allow out http
pass out quick on em0 proto tcp from any to any port = 80 flags S keep state
pass out quick on em0 proto tcp from any to any port = 443 flags S keep state

# Allow ftp out
pass out quick on em0 proto tcp from any to any port = 20 flags S keep state
pass out quick on em0 proto tcp from any to any port = 21 flags S keep state

# Allow mail out
pass out quick on em0 proto tcp from any to any port = 110 flags S keep state
pass out quick on em0 proto tcp from any to any port = 143 flags S keep state
pass out quick on em0 proto tcp from any to any port = 25 flags S keep state

# Allow SSH Out
pass out quick on em0 proto tcp from any to any port = 22 flags S keep state

# Allow DNS
pass out quick on em0 proto udp from any to any port = 53 keep state
pass out quick on em0 proto tcp from any to any port = 53 flags S keep state

# Allow CVSUP
pass out quick on em0 proto tcp from any to any port = 5999 flags S keep state

# Keeping time
pass out quick on em0 proto tcp from any to any port = 37 flags S keep state
pass out quick on em0 proto tcp from any to any port = 123 flags S keep state

# Allow whois
pass out quick on em0 proto tcp from any to any port = 43 flags S keep state

# Razor SpamAssassin
# more later

# Block and Log the first occurrence of everything else
block out log first quick on em0 all

# -
# INGRESS Filtering
#
# Block all inbound traffic from non-routable or reserved networks
# block in quick on em0 from 192.168.0.0/16 to any
block in quick on em0 from 172.16.0.0/12 to any
block in quick on em0 from 10.0.0.0/8 to any
block in quick on em0 from 127.0.0.0/8 to any
block in quick on em0 from 0.0.0.0/8 to any
block in quick on em0 from 169.254.0.0/16 to any
# block in quick on em0 from 192.0.2.0/24 to any
block in quick on em0 from 204.153.64.0/23 to any
block in quick on em0 from 224.0.0.0/3 to any

# Block in Nasties
# stuff I don't want logged
block in quick on em0 proto icmp all icmp-type 8
block in quick on em0 all with frags
block in quick on em0 all with ipopts
block in quick on em0 all with short
# block return-rst in quick on em0 proto tcp all flags FUP
# block return-rst in quick on em0 proto tcp from any to any
# block return-icmp-as-digest(port-unr) in quick on em0 proto udp from any to any

# Block all Netbios server. 137=name, 138=datagram, 139=session
block in log first quick on em0 proto tcp/udp from any to any port = 137
block in log first quick on em0 proto tcp/udp from any to any port = 138
block in log first quick on em0 proto tcp/udp from any to any port = 139
block in log first quick on em0 proto tcp/udp from any to any port = 81

# Allow in http/https
pass in quick on em0 proto tcp from any to any port = 80 flags S keep state
pass in quick on em0 proto tcp from any to any port = 443 flags S keep state

# allow incoming SSH
pass in quick on em0 proto tcp from any to any port = 22 flags S keep state

# SMTP/POP/IMAP
pass in quick on em0 proto tcp from any to any port = 25 flags S keep state
pass in quick on em0 proto tcp from any to any port = 110 flags S keep state
pass in quick on em0 proto tcp from any to any port = 143 flags S keep state

# Anti-Virus
# more later

# All the rest
block in log first quick on em0 all
# - EOF
Re: IPF (ftp - pkg_add) help requested
I'd start by upgrading to 6.2

Don Munyak wrote:
> I am building a FreeBSD box to function as a FAMP server (LAMP) and hopefully replace our existing mail server. I am having an issue with IPF that I can't seem to figure out.
>
> *** When IPF is enabled, I can't run # pkg_add -r package name.
>
> p0069# uname -a
> FreeBSD p0069.bm.local 6.1-RELEASE-p12 FreeBSD 6.1-RELEASE-p12 #0: Thu Feb 8 13:55:26 EST 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/WEBSERVER i386
Fwd: IPF (ftp - pkg_add) help requested
Apart from updating to newer version, I don't see how upgrading to 6.2 will make a difference. Anyway, thanks for taking the time to reply.

However, the solution is as follows. Incidentally, this had nothing to do with pkg_add and everything to do with FTP and IPFILTER.

===
Diagnosis...

{IPMON results}
# ipmon
01/03/2007 15:03:39.112348 em0 @0:17 b 192.168.222.69,63507 -> 204.152.184.73,63471 PR tcp len 20 48 -S OUT
01/03/2007 15:04:09.128610 em0 @0:17 b 192.168.222.69,57187 -> 62.243.72.50,59250 PR tcp len 20 48 -S OUT
01/03/2007 15:04:17.756186 em0 @0:17 b 192.168.222.69,59469 -> 204.152.184.73,55984 PR tcp len 20 48 -S OUT
01/03/2007 15:04:23.832928 em0 @0:17 b 192.168.222.69,62647 -> 62.243.72.50,58387 PR tcp len 20 48 -S OUT

My server was opening an additional session using ports > 1024, which I was not initially allowing. ipf was blocking outbound due to this rule. This is a known issue with ftp client sessions using active mode when behind a firewall.

# Block and Log the first occurrence of everything else
block out log first quick on em0 all

Solution
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html
section 26.5.21.1 IPNAT Rules
{or}
section 26.5.21.2 IPNAT FTP Filter Rules

I chose 26.5.21.2 for simplicity. This probably isn't a major issue for me, since the server will be located behind a border (LAN) firewall.

Basically changed:

# Allow ftp out
pass out quick on em0 proto tcp from any to any port = 20 flags S keep state
pass out quick on em0 proto tcp from any to any port = 21 flags S keep state

{ to...}

# Allow ftp out
pass out quick on em0 proto tcp from any to any port = 21 flags S keep state
pass out quick on em0 proto tcp from any to any port > 1024 flags S keep state

{ and added }

# Allow Active mode data channel from ftp server
pass in quick on em0 proto tcp from any to any port = 20 flags S keep state

For good reading
{Official IPF home page}
http://coombs.anu.edu.au/~avalon/ip-filter.html

Don
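Added example (not part of the original message): an sh/awk filter that reads ipmon lines in the format quoted above and counts blocked outbound SYNs per rule, split by whether the destination port is above 1024, the same boundary the added pass-out rule uses. Destinations above 1024 are data connections the client opens toward the FTP server, which the port 21 control-channel rule does not cover. The function name summarize_blocked_out and the sample log (documentation addresses) are constructed for this example.

```shell
#!/bin/sh
# Added example: summarise blocked outbound TCP SYNs from ipmon text output.
# Field layout assumed, matching the lines quoted in the thread:
#   date time iface @group:rule action src,port -> dst,port PR proto len hl pl flags dir

# Constructed sample log (documentation addresses, not the hosts from the thread).
SAMPLE_LOG='01/03/2007 15:03:39.112348 em0 @0:17 b 192.0.2.69,63507 -> 198.51.100.73,63471 PR tcp len 20 48 -S OUT
01/03/2007 15:04:09.128610 em0 @0:17 b 192.0.2.69,57187 -> 203.0.113.50,59250 PR tcp len 20 48 -S OUT
01/03/2007 15:04:17.756186 em0 @0:17 b 192.0.2.69,59469 -> 198.51.100.73,55984 PR tcp len 20 48 -S OUT
01/03/2007 15:04:30.000000 em0 @0:17 b 192.0.2.69,60001 -> 203.0.113.50,79 PR tcp len 20 48 -S OUT
01/03/2007 15:04:31.000000 em0 @0:40 b 203.0.113.9,4242 -> 192.0.2.69,139 PR tcp len 20 48 -S IN'

# Reads ipmon lines on stdin. Prints one line per (rule, port class):
#   @group:rule  high|low  count  destination hosts...
summarize_blocked_out() {
    awk '
    # Keep only blocked (action "b") outbound TCP packets with a bare SYN.
    $5 == "b" && $10 == "tcp" && $NF == "OUT" && $(NF-1) == "-S" {
        split($8, dst, ",")                  # dst[1] = address, dst[2] = port
        # "high" means the packet would match a "port > 1024" pass rule.
        class = (dst[2] + 0 > 1024) ? "high" : "low"
        key = $4 " " class
        count[key]++
        # Record each destination host once per key, in order of appearance.
        if (!seen[key, dst[1]]++) hosts[key] = hosts[key] " " dst[1]
    }
    END {
        for (k in count) printf "%s %d%s\n", k, count[k], hosts[k]
    }' | sort
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | summarize_blocked_out
```

Every "high" entry is traffic that a blanket `port > 1024` pass-out rule would admit to any host, which is the trade-off against setting FTP_PASSIVE_MODE alone or using the IPNAT FTP proxy from section 26.5.21.1.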
Re: Fwd: IPF (ftp - pkg_add) help requested
Ahh, totally makes sense. Sorry for the misguided reply, it was late and I thought there had been kernel changes with ipf in 6.2 but in fact that was ipfw.

Glad to hear you figured this out!

- Chris

Don Munyak wrote:
> Apart from updating to newer version, I don't see how upgrading to 6.2 will make a difference. Anyway, thanks for taking the time to reply.
>
> However, the solution is as follows. Incidentally, this had nothing to do with pkg_add and everything to do with FTP and IPFILTER.
>
> ===
> Diagnosis...
>
> {IPMON results}
> # ipmon
> 01/03/2007 15:03:39.112348 em0 @0:17 b 192.168.222.69,63507 -> 204.152.184.73,63471 PR tcp len 20 48 -S OUT
> 01/03/2007 15:04:09.128610 em0 @0:17 b 192.168.222.69,57187 -> 62.243.72.50,59250 PR tcp len 20 48 -S OUT
> 01/03/2007 15:04:17.756186 em0 @0:17 b 192.168.222.69,59469 -> 204.152.184.73,55984 PR tcp len 20 48 -S OUT
> 01/03/2007 15:04:23.832928 em0 @0:17 b 192.168.222.69,62647 -> 62.243.72.50,58387 PR tcp len 20 48 -S OUT
>
> My server was opening an additional session using ports > 1024, which I was not initially allowing. ipf was blocking outbound due to this rule. This is a known issue with ftp client sessions using active mode when behind a firewall.
>
> # Block and Log the first occurrence of everything else
> block out log first quick on em0 all
>
> Solution
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html
> section 26.5.21.1 IPNAT Rules
> {or}
> section 26.5.21.2 IPNAT FTP Filter Rules
>
> I chose 26.5.21.2 for simplicity. This probably isn't a major issue for me, since the server will be located behind a border (LAN) firewall.
>
> Basically changed:
>
> # Allow ftp out
> pass out quick on em0 proto tcp from any to any port = 20 flags S keep state
> pass out quick on em0 proto tcp from any to any port = 21 flags S keep state
>
> { to...}
>
> # Allow ftp out
> pass out quick on em0 proto tcp from any to any port = 21 flags S keep state
> pass out quick on em0 proto tcp from any to any port > 1024 flags S keep state
>
> { and added }
>
> # Allow Active mode data channel from ftp server
> pass in quick on em0 proto tcp from any to any port = 20 flags S keep state
>
> For good reading
> {Official IPF home page}
> http://coombs.anu.edu.au/~avalon/ip-filter.html
>
> Don
Re: Fwd: IPF (ftp - pkg_add) help requested
On Thu, Mar 01, 2007 at 04:10:11PM -0500, Don Munyak wrote:
> My server was opening an additional session using ports > 1024, which I was not initially allowing. ipf was blocking outbound due to this rule. This is a known issue with ftp client sessions using active mode when behind a firewall.

As I hinted at in my original response, If you'd rather keep your firewall rules tighter, pkg_add(1) says:

    Note: If you wish to use passive mode ftp in such transfers, set the variable FTP_PASSIVE_MODE to some value in your environment. Otherwise, the more standard ACTIVE mode may be used. If pkg_add consistently fails to fetch a package from a site known to work, it may be because you have a firewall that demands the usage of passive mode ftp.

--
Kelly D. Grills [EMAIL PROTECTED]
Re: [FreeBSD] pkg_add help
> Can someone point me in the right direction. I have a package I downloaded from FreeBSD.org thru Konqueror. It ends with .tbz
> I could not find this package in the ports collection thru stand/sysinstall
> My two questions are
> I need to extract this file Where
> And then how do I install, make install didn't work.

Presuming you downloaded the right version for the version of FreeBSD you are on - .tbz files start in 5., try just putting it in /usr/local/whatever_the_name_is and doing pkg_add whatever_the_name_is.tbz

jerry

> Thanx in advance.
> Later, Leon
> A fanatic is one who can't change his mind and won't change the subject. Sir Winston Churchill
[FreeBSD] pkg_add help
Can someone point me in the right direction. I have a package I downloaded from FreeBSD.org thru Konqueror. It ends with .tbz
I could not find this package in the ports collection thru stand/sysinstall

My two questions are
I need to extract this file Where
And then how do I install, make install didn't work.

Thanx in advance.
Later, Leon

A fanatic is one who can't change his mind and won't change the subject. Sir Winston Churchill
Re: [FreeBSD] pkg_add help
Hi,

Packages and ports are different. A package is already compiled application and you will use

pkg_add - To install
pkg_delete - To deinstall
pkg_info - To view packages that are installed.

so, you will install it using pkg_add packagename.tbz

> Can someone point me in the right direction. I have a package I downloaded from FreeBSD.org thru Konqueror. It ends with .tbz
> I could not find this package in the ports collection thru stand/sysinstall
> My two questions are
> I need to extract this file Where
> And then how do I install, make install didn't work.
> Thanx in advance.
> Later, Leon
> A fanatic is one who can't change his mind and won't change the subject. Sir Winston Churchill
Re: [FreeBSD] pkg_add help
FreeBSD Handbook, Chapter 4. Read a little.

On Thu, 17 Jun 2004 22:21:41 -0600, LW Ellis [EMAIL PROTECTED] wrote:
> Can someone point me in the right direction. I have a package I downloaded from FreeBSD.org thru Konqueror. It ends with .tbz
> I could not find this package in the ports collection thru stand/sysinstall
> My two questions are
> I need to extract this file Where
> And then how do I install, make install didn't work.
> Thanx in advance.
> Later, Leon
> A fanatic is one who can't change his mind and won't change the subject. Sir Winston Churchill
Working now [FreeBSD] pkg_add help
I tried that, it kept telling me that it wasn't a package. Went back and tried again, now it works...
Thanx Renato

Leon

> Hi,
> Packages and ports are different. A package is already compiled application and you will use
> pkg_add - To install
> pkg_delete - To deinstall
> pkg_info - To view packages that are installed.
> so, you will install it using pkg_add packagename.tbz
pkg_add help
should it be in the ports directory when running pkg_add? like usr/ports/security/package say the package is in the security category or it's ok to run it in my home directory or should it be in ports directory?

thanks
RE: pkg_add help
> should it be in the ports directory when running pkg_add? like usr/ports/security/package say the package is in the security category or it's ok to run it in my home directory or should it be in ports directory?

pkg_add can be run from anywhere, and the file.tgz can reside anywhere. I usually just fetch the package to my home dir then su and pkg_add it.
Re: pkg_add help
If it's a port, say, /usr/ports/security/nmap, you should:

# cd /usr/ports/security/nmap
# make install clean

This will compile nmap and install it.

Regards,
Augusto Jun Devegili

On Sun, 2003-07-27 at 18:54, marlon corleone wrote:
> should it be in the ports directory when running pkg_add? like usr/ports/security/package say the package is in the security category or it's ok to run it in my home directory or should it be in ports directory?
>
> thanks
pkg_add help
I am trying to install kde-3 via package add. I can not because /var is filling up. After a few attempts I tried:

pkg_add -p /usr/tmp -t /usr/tmp/instmp.XX -r kde

I can still watch /var/tmp fill up. I finally seemed to make things work by setting PKG_TMPDIR. I guess I do not understand the purpose of the -p and -t operands. Any pointers appreciated, I am quite lost on this.

_
Douglas Denault [EMAIL PROTECTED]
Voice: 301-469-8766 Fax: 301-469-0601

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message