Date: Wed, 26 Sep 2007 21:53:46 -0700 (PDT) From: kbsd <kimlor@shaw.ca> To: freebsd-pf@freebsd.org Subject: Newbie - cannot upgrade packages from FTP sites Message-ID: <12914823.post@talk.nabble.com>
next in thread | raw e-mail | index | archive | help
I am new to FreeBSD 6.2 and am having problems upgrading packages from FTP sites. Ports build fine from http but I prefer to use packages if possible. I have not found any clear information on setting up PF rules for FTP with only one interface. Please check my rules and tell me if I am missing something. Thanks Example of upgrade failure: [Updating the pkgdb <format:bdb_btree> in /var/db/pkg ... - 491 packages found (-0 +1) . done] ---> Checking for the latest package of 'audio/libmtp' ---> Fetching the package(s) for 'libmtp-0.2.1' (audio/libmtp) ---> Fetching libmtp-0.2.1 fetch: ftp://packageftp.desktopbsd.net/pub/FreeBSD/ports/i386/packages-6-stable/All/libmtp-0.2.1.tbz: Operation not permitted ** The command returned a non-zero exit status: 1 ** Failed to fetch ftp://packageftp.desktopbsd.net/pub/FreeBSD/ports/i386/packages-6-stable/All/libmtp-0.2.1.tbz fetch: ftp://packageftp.desktopbsd.net/pub/FreeBSD/ports/i386/packages-6-stable/All/libmtp-0.2.1.tgz: Operation not permitted ** The command returned a non-zero exit status: 1 ** Failed to fetch ftp://packageftp.desktopbsd.net/pub/FreeBSD/ports/i386/packages-6-stable/All/libmtp-0.2.1.tgz ** Failed to fetch libmtp-0.2.1 ** Listing the failed packages (*:skipped / !:failed) ! libmtp-0.2.1 (fetch error) ---> Packages processed: 0 done, 0 ignored, 0 skipped and 1 failed ** Could not find the latest version (0.2.1) ---> Using the port instead of a package These are my filter rules: ext_if = "sis0" # Macros tcp_pass = "{ 53, 80, 25, 110, 123, 443, 631, 20, 21, 8080 }" udp_pass = "{ 53, 110, 443, 631, 20, 21, 8080 }" # Options: tune the behavior of pf, default values are given. set timeout { interval 10, frag 30 } set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 } set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 } set timeout { udp.first 60, udp.single 30, udp.multiple 60 } set timeout { icmp.first 20, icmp.error 10 } set timeout { other.first 60, other.single 30, other.multiple 60 } set timeout { adaptive.start 0, adaptive.end 0 } set limit { states 10000, frags 5000 } set loginterface none set optimization normal set block-policy drop set require-order yes set fingerprints "/etc/pf.os" # Normalization: reassemble fragments and resolve or reduce traffic ambiguities. scrub in all # antispoof antispoof for $ext_if # firewall default block all block all pass quick on lo0 all # tcp pass in on $ext_if inet proto tcp from any to $ext_if port 20 keep state pass in on $ext_if inet proto tcp from any to $ext_if port 21 keep state pass in on $ext_if inet proto tcp from any to $ext_if port > 49151 keep state pass out on $ext_if inet proto tcp to any port $tcp_pass flags S/SA keep state # udp pass in on $ext_if inet proto udp from any to $ext_if port 20 keep state pass in on $ext_if inet proto udp from any to $ext_if port 21 keep state pass out on $ext_if inet proto udp to any port $udp_pass keep state # end rules -- View this message in context: http://www.nabble.com/Newbie---cannot-upgrade-packages-from-FTP-sites-tf4526399.html#a12914823 Sent from the freebsd-pf mailing list archive at Nabble.com.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?12914823.post>