installing ports behind IPFILTER
Mikhail Goriachev
mikhailg at webanoide.org
Sun May 21 15:57:11 PDT 2006
Brett Wiggins wrote:
> Hi everyone,
> I am having some problems installing ports when I have
>
> IPFILTER running. I have put FTP_PASSIVE_MODE=YES in /etc/make.conf
>
> but the command 'make all install clean' yields;
>
> ===> Vulnerability check disabled, database not found
> => jce-aba-1.1.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
> => Attempting to fetch from ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/znerd/.
> fetch: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/znerd/jce-aba-1.1.tar.gz: Network is unreachable
> *** Error code 1
>
> This happens when I try to install ports or pakages. I have also tried
>
> to install with tcp/ip ports 20,21 and 22 open but to no avail.
>
> Could you please CC me if you can help, am not on the list due to
>
> this mailbox being from a University. My IPFILTER is set to block by
>
> default in my kernel, and I am running 6.1 RELEASE
G'day,
Probably this is what you're after:
# Allow out gateway & LAN users non-secure FTP ( both passive & active
modes)
# This function uses the IPNAT built in FTP proxy function coded in
# the nat rules file to make this single rule function correctly.
# If you want to use the pkg_add command to install application packages
# on your gateway system you need this rule.
pass out quick on dc0 proto tcp from any to any port = 21 flags S keep state
That one is from:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html
Cheers,
Mikhail.
--
Mikhail Goriachev
Webanoide
Telephone: +61 (0)3 62252501
Mobile Phone: +61 (0)4 38255158
E-Mail: mikhailg at webanoide.org
Web: http://www.webanoide.org
PGP Key ID: 0x4E148A3B
PGP Key Fingerprint: D96B 7C14 79A5 8824 B99D 9562 F50E 2F5D 4E14 8A3B
More information about the freebsd-questions
mailing list