pkg_add blocked by IPFirewall
Jose Borquez
bsdlists at sbcglobal.net
Mon Dec 12 23:35:39 PST 2005
Matthew Seaman wrote:
> Jose Borquez wrote:
>
>> I am attempting to install cvsup using pkg_add -r but I keep getting
>> the following error:
>>
>> Error: FTP Unable to get
>> ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/Latest/cvsup-without-gui.tbz:
>>
>> No route to host pkg_add: unable to fetch
>> 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/Latest/cvsup-without-gui.tbz'
>>
>> by URL
>>
>> I know that it is being blocked by my firewall. What are the tcp and
>> udp ports that I need to open up for pkg_add to get the package?
>
>
> You will need to:
>
> a) set FTP_PASSIVE_MODE=yes in your environment. It should be set by
> default.
>
> b) Configure your firewall to allow stateful outgoing tcp connections
> to any IP port 21 and also to any port in the 'high ports' range.
> On FreeBSD by default that's 49152-65535. Other OSes differ. The
> 'high ports' range is configurable by modifying the
> net.inet.ip.portrange.hifirst and net.inet.ip.portrange.hilast
> sysctls.
>
> That should let you use PASV or EPSV-style passive mode FTP through
> your firewall. It's not possible to effectively firewall active mode
> FTP clients (let alone FTP servers) satisfactorily without using an FTP
> proxy on your firewall, such as ftp-proxy(8). For a personal machine just
> allowing passive mode FTP will be sufficient.
>
> Cheers,
>
> Matthew
>
That was very helpful. It worked! Thank you.
Jose
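
The two steps from the quoted reply, as an added example that is not part of the original thread: a small sh function that prints ipfw rules allowing stateful outgoing passive-mode FTP. The function name `passive_ftp_rules` and the rule numbers are assumptions; the port range is the FreeBSD default quoted above.

```shell
#!/bin/sh
# Added example: emit ipfw rules for passive-mode FTP clients (steps a and b above).
# Function name and rule numbers are assumptions; adjust them to your ruleset.

# passive_ftp_rules FIRST LAST [BASE]
#   FIRST-LAST: destination port range for passive data connections
#               (49152-65535 is the FreeBSD default quoted in the reply;
#               servers on other OSes may hand out ports outside it).
#   BASE:       first ipfw rule number to use (default 1000, an assumption).
passive_ftp_rules() {
    first=${1:-49152} last=${2:-65535} base=${3:-1000}
    for n in "$first" "$last" "$base"; do
        case $n in
            ''|*[!0-9]*) echo "not a number: $n" >&2; return 1 ;;
        esac
    done
    if [ "$first" -lt 1024 ] || [ "$last" -gt 65535 ] || [ "$first" -gt "$last" ]; then
        echo "bad port range: $first-$last" >&2
        return 1
    fi
    # Match packets of connections already recorded by a keep-state rule.
    echo "ipfw -q add $base check-state"
    # FTP control channel: outgoing TCP to port 21, state created on the SYN.
    echo "ipfw -q add $((base + 10)) allow tcp from me to any 21 out setup keep-state"
    # Passive data channel: the client opens it, so it is outgoing as well.
    echo "ipfw -q add $((base + 20)) allow tcp from me to any $first-$last out setup keep-state"
}

# Step a: make the libfetch-based tools (pkg_add -r, fetch) use passive mode.
FTP_PASSIVE_MODE=yes
export FTP_PASSIVE_MODE

# Print the rules for review; pipe the output to sh as root to load them.
passive_ftp_rules 49152 65535 1000
```

The function only prints the commands, so the rules can be checked against the existing ruleset (in particular that the numbers sort before any deny rule) before they are loaded.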
More information about the freebsd-questions
mailing list