configuring fetch to passive mode
Nikos Vassiliadis
nvass at teledomenet.gr
Fri Mar 17 11:15:56 UTC 2006
On Friday 17 March 2006 12:41, Erik Norgaard wrote:
> Hi:
>
> This ought to be a configuration tunable, but I can't find any
> documentaion on it: How to I force fetch to use passive mode?
>
> When I try "make fetch" of some port I get:
>
> => Attempting to fetch from \
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/.
> fetch: \ ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/file: \
> Operation not permitted
>
> It fails quickly, no sign of things timing out.
>
> In my firewall (pf), I have
>
> block in quick on $ext_if all
You block everything that comes in from your external interface.
The "quick" keyword means that the search ends there. So you
no incoming traffic passes...
HTH, Nikos
> pass out quick on $ext_if proto tcp all flags S/SA keep state
> pass out quick on $ext_if proto udp all keep state
> pass out quick on $ext_if proto icmp all keep state
>
> which basically block ftp active, but should allow ftp passive. If I
> flush the rules fetch works fine, so it must be an issue of fetch trying
> active mode.
>
> Setting FTP_PASSIVE_MODE=YES as environment variable or in make.conf
> doesn't change a thing.
>
> Thanks, Erik
More information about the freebsd-questions
mailing list