Newbie question about ports.

Alex Zbyslaw xfb52 at
Fri Jun 24 18:36:15 GMT 2005

Sam Ip wrote:

>I'm trying out FreeBSD for the first time for use at work.  However,
>there is a corporate firewall and hence ftp traffic doesn't get
>through. I can access http sites.  So if a selling point of FreeBSD is
>its ports collection
>1.  Can you do a CVSup to update your ports via http? 
>2.  Can you install ports via http?
Cvsup does not support http, but neither does it use ftp (see man cvsup, 
especially the -p and -P options).  It requires that a single port be 
openable through your firewall (default 5999).  There is an alternative, 
which I have never used, called CTM (see handbook).

Ftp is required to fetch the source code for ports, but this happens 
when you try and build a port and has nothing to do with cvsup.  The ftp 
connection used to fetch the sources will be a "passive" connection 
which is firewall friendly.  There is no reason, beyond pure paranoia or 
obscene mistrust of employees, for a firewall to block passive-style ftp 
connections.  If I were you, I would ask whoever is in charge of your 
corporate firewall if they do allow passive ftp, and  if they don't, 
then ask for an explanation why not.  If your FreeBSD requirement is 
business related, then they should be helping you get these basic 
services working.

The firewall can easily limit ftp and cvsup connections to be from a 
specified IP address, and to a specified IP address.  Security 
implications: none, since far more dangerous things can be carried in to 
the business on a CD.

*If* (and I have no idea about this) there is a server which has the 
port sources available via HTTP, then you could download them yourself 
either with a web browser or something like lwp-download (part of the 
p5-libwww-5.803 perl package, and quite possibly part of the standard 
perl port).  Every time a port fails to fetch a package via ftp, you 
would have to download it by hand.

The ports collection is *one* selling point for FreeBSD (stability, 
documentation, and just being better than anything else :-) are some 
others).  However, there is no way that you can expect anyone to waste 
their time to work around what can only be described as demented 
security restrictions.

You might be better off looking for a server which can supply you 
packages via HTTP.  Packages are pre-built ports comparable to Linux 
RPMs.  Just like Linux RPMs you get no choice about any configurations 
options which the port provides, and are stuck with whatever the package 
creator used.  That's one reason why the ports are so nice.  See the 
pkg_add manual page and the handbook section on ports and packages.

Just my 0.02,


More information about the freebsd-questions mailing list