Newbie question about ports.
Alex Zbyslaw
xfb52 at dial.pipex.com
Fri Jun 24 18:36:15 GMT 2005

Sam Ip wrote:
>I'm trying out FreeBSD for the first time for use at work. However,
>there is a corporate firewall and hence ftp traffic doesn't get
>through. I can access http sites. So if a selling point of FreeBSD is
>its ports collection
>
>1. Can you do a CVSup to update your ports via http?
>
>2. Can you install ports via http?
>
>
Cvsup does not support http, but neither does it use ftp (see man cvsup,
especially the -p and -P options). It requires that a single port be
openable through your firewall (default 5999). There is an alternative,
which I have never used, called CTM (see handbook).

Ftp is required to fetch the source code for ports, but this happens
when you try and build a port and has nothing to do with cvsup. The ftp
connection used to fetch the sources will be a "passive" connection
which is firewall friendly. There is no reason, beyond pure paranoia or
obscene mistrust of employees, for a firewall to block passive-style ftp
connections. If I were you, I would ask whoever is in charge of your
corporate firewall if they do allow passive ftp, and if they don't,
then ask for an explanation why not. If your FreeBSD requirement is
business related, then they should be helping you get these basic
services working.

The firewall can easily limit ftp and cvsup connections to be from a
specified IP address, and to a specified IP address. Security
implications: none, since far more dangerous things can be carried in to
the business on a CD.

*If* (and I have no idea about this) there is a server which has the
port sources available via HTTP, then you could download them yourself
either with a web browser or something like lwp-download (part of the
p5-libwww-5.803 perl package, and quite possibly part of the standard
perl port). Every time a port fails to fetch a package via ftp, you
would have to download it by hand.

The ports collection is *one* selling point for FreeBSD (stability,
documentation, and just being better than anything else :-) are some
others). However, there is no way that you can expect anyone to waste
their time to work around what can only be described as demented
security restrictions.

You might be better off looking for a server which can supply you
packages via HTTP. Packages are pre-built ports comparable to Linux
RPMs. Just like Linux RPMs you get no choice about any configuration
options which the port provides, and are stuck with whatever the package
creator used. That's one reason why the ports are so nice. See the
pkg_add manual page and the handbook section on ports and packages.

Just my 0.02,
--Alex