pkg_add blocked by IPFirewall

Matthew Seaman m.seaman at infracaninophile.co.uk
Mon Dec 12 22:42:10 PST 2005


Jose Borquez wrote:
> I am attempting to install cvsup using pkg_add -r but I keep getting
> the following error:
> 
> Error: FTP Unable to get 
> ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/Latest/cvsup-without-gui.tbz:
>  No route to host pkg_add: unable to fetch 
> 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/Latest/cvsup-without-gui.tbz'
>  by URL
> 
> I know that it is being blocked by my firewall.  What are the tcp and
>  udp ports that I need to open up for pkg_add to get the package?

You will need to:

  a) set FTP_PASSIVE_MODE=yes in your environment.  It should be set by 
     default.

  b) Configure your firewall to allow stateful outgoing tcp connections
     to any IP port 21 and also to any port in the 'high ports' range.
     On FreeBSD by default that's 49152-65535.  Other OSes differ.  The
     'high ports' range is configurable by modifying the
     net.inet.ip.portrange.hifirst and net.inet.ip.portrange.hilast sysctls.

That should let you use PASV or EPSV-style passive mode FTP through
your firewall.  It's not possible to effectively firewall active mode
FTP clients (let alone FTP servers) satisfactorily without using an FTP
proxy on your firewall, such as ftp-proxy(8). For a personal machine just
allowing passive mode FTP will be sufficient.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW
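
Added example, not part of the original message: an sh script that prints stateful ipfw rules for the two kinds of outgoing connection described in (b), reading the 'high ports' range from the sysctls named there. The rule numbers and function names are constructed, and it assumes the rest of the ruleset denies by default.

```shell
#!/bin/sh
# Added example: emit stateful ipfw rules for outbound passive-mode FTP.
# Rule numbers 00100-00210 are constructed; fit them into your own ruleset.

# Defaults from the post: FreeBSD's 'high ports' range.
DEF_HIFIRST=49152
DEF_HILAST=65535

# Read a numeric sysctl, falling back to a default when sysctl or the OID
# is unavailable (for example on a non-FreeBSD host).
read_port() {
    val=$(sysctl -n "$1" 2>/dev/null) || val=""
    case "$val" in
        ''|*[!0-9]*) echo "$2" ;;
        *) echo "$val" ;;
    esac
}

# Succeed only if both arguments are numeric and 1 <= first <= last <= 65535.
valid_range() {
    for p in "$1" "$2"; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$1" -ge 1 ] && [ "$1" -le "$2" ] && [ "$2" -le 65535 ]
}

# Print the rules: control connection to port 21, data connection to a
# high port, both outbound only, with return traffic matched by dynamic state.
passive_ftp_rules() {
    first=${1:-$(read_port net.inet.ip.portrange.hifirst "$DEF_HIFIRST")}
    last=${2:-$(read_port net.inet.ip.portrange.hilast "$DEF_HILAST")}
    if ! valid_range "$first" "$last"; then
        echo "invalid port range: $first-$last" >&2
        return 1
    fi
    cat <<EOF
ipfw -q add 00100 check-state
ipfw -q add 00200 allow tcp from me to any 21 out setup keep-state
ipfw -q add 00210 allow tcp from me to any $first-$last out setup keep-state
EOF
}

# Print the rules for review; optional arguments override the port range.
passive_ftp_rules "$@"
```

The output is a list of ipfw commands to review and merge into an existing rules script, not something to load blindly.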

