From owner-freebsd-stable  Wed Sep 13  6: 0:59 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from dnvrpop5.dnvr.uswest.net (dnvrpop5.dnvr.uswest.net [206.196.128.7])
	by hub.freebsd.org (Postfix) with SMTP id A219137B423
	for <freebsd-stable@FreeBSD.ORG>; Wed, 13 Sep 2000 06:00:53 -0700 (PDT)
Received: (qmail 95271 invoked by alias); 13 Sep 2000 13:00:53 -0000
Delivered-To: fixup-freebsd-stable@FreeBSD.ORG@fixme
Received: (qmail 95243 invoked by uid 0); 13 Sep 2000 13:00:52 -0000
Received: from unknown (HELO osti.methodsystems.com) (63.227.49.195)
  by dnvrpop5.dnvr.uswest.net with SMTP; 13 Sep 2000 13:00:52 -0000
Content-Length: 1703
Message-ID: <XFMail.000913070052.wolpert@methodsystems.com>
X-Mailer: XFMail 1.4.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <4.3.2.7.2.20000913004042.00b1ce88@mail.megapathdsl.net>
Date: Wed, 13 Sep 2000 07:00:52 -0600 (MDT)
From: Edward Wolpert <wolpert@methodsystems.com>
To: Allen Landsidel <all@biosys.net>
Subject: Re: ipfw changes in latest stable
Cc: freebsd-stable@FreeBSD.ORG
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

-----BEGIN PGP SIGNED MESSAGE-----


I tried to add FTP_PASSIVE_MODE=YES in my /etc/make.conf but to no
avail... the only way was to allow the ftp-data pipe in. This didn't
use to be necessary... and ideas on what may have changed?


On 13-Sep-00 Allen Landsidel wrote:
> At 22:13 09/12/2000 -0600, Edward Wolpert wrote:
>>   Over the weekend, I updated to the latest 4.1-stable from an update
>>about a few weeks ago. I've got the simple firewall setup (basically,
>>the client mode in the rc.firewall file) on my box.  However, I can't
>>do a fetch (via 'make install') on items in the ports directory anymore.
>>I can't ftp anymore. When I try, I can contact the site, but when I
>>try to download files, it doesn't work.  When I open up the tcp ports
>>via ipfw, it then lets me. Any recent changes to ipfw lately that could
>>explain this? (It used to work)  Thanks.
> 
> You need to use ftp in passive mode unless you have rules that allow the 
> ftp-data information to come in.  I believe there is an example config for 
> this in the ipfw documentation.  I'm not sure if client does this by 
> default, since I always use the "closed" model and add allow lines myself.

                                           
Virtually,                                 | Open/Web Systems Architect
Edward Wolpert <wolpert@methodsystems.com> | 
             http://www.methodsystems.com  | 4eb8                  4e75
___________________________________________/ 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBOb96hK2tQW/xJRRFAQGJpAL+KsgP3960SUcq0dGJqiNDt/IE5XlZ7SLz
2rlXvm1MRO8Do08S2LTTiSy9pHReQE2JzH6pTUgKerY8b7hp7gsw1psnev07oYqH
nuPrOixkD0rlUgB20s8h5nUetYPcSJwo
=gqJl
-----END PGP SIGNATURE-----


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message