Date: Mon, 13 Jun 2011 12:37:02 +0100 From: "Dave" <dave@g8kbv.demon.co.uk> To: freebsd-questions@freebsd.org Subject: Re: ftp installation Message-ID: <4DF5F65E.4944.2D034AE4@dave.g8kbv.demon.co.uk> In-Reply-To: <864559.78569.qm@web36503.mail.mud.yahoo.com> References: <Pine.GSO.4.64.1106111841190.4137@nber6>, <alpine.LFD.2.00.1106112048390.28136@nber7.nber.org>, <864559.78569.qm@web36503.mail.mud.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12 Jun 2011 at 4:32, Bill Tillman wrote: > > ________________________________ > From: Daniel Feenberg <feenberg@nber.org> > Subject: Re: ftp installation > > > On Sat, 11 Jun 2011, Robert Simmons wrote: > > > On Sat, Jun 11, 2011 at 6:52 PM, Daniel Feenberg <feenberg@nber.org> > > wrote: > >> > >> I have tried many of the ftp sites enumerated in sysinstall, with > >> both 7.4-RELEASE and 8.2-RELEASE, and in all cases the installation > >> proceeds for a few seconds and then hangs, with the last message on > >> the console always being: > >> > >> =A0DEBUG: Generating /etc/fstab file. > >> > ... > >> > >> Is there something off about the sysinstall ftp dialog? I don't see > >> a way to monitor what is happening. > > > > Your firewall may be interfering with the connection.=A0 You may want > > to read the handbook section on FTP installs (the grey box at the > > bottom of the page): > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-me > > dia.html > > > > Well, our router has never interfered with ftp transfers done from the > command line, but switching to the firewall-friendly mode in > sysinstall does fix the problem. > > Thank you > Daniel Feenberg > NBER > > > If I recall correctly I had to open up my firewall completely to get > the ftp installations to work. I use a FreeBSD diskless router running > IPFW+NATD and the log files are set to max out at 5 so I can't see > which port is trying to be used which gets blocked. So just for the 10 > minutes or so to do an FTP install I just open the firewall wide and > allow any to any. Once the install is complete I close the firewall > again. > > That's why "Passive" (or PASV) mode is included in FTP. It only ever makes outgoing connections from a client. 99.9% of all routers/firewalls will honour that mode with no probems, unless it's been specifically blocked by an admin type somewhere. In the F'BSD install/update settings/dialogs etc, always select the option to use FTP from behind a firewall or router, or "Firewall Friendly" mode. That will invoke Passive mode transfers. It's the one thing I can do reliably with FreeBSD, no need to mess with router/firewall permissions etc. That only needs doing if you want to run a server that is reachable from outside your LAN. That in turn, opens a whole oil drum load (i.e. a big can of worms!) of potential security issues.... Take care. DaveB PS: Worth looking at, for a good, if lenghty explanation. http://slacksite.com/other/ftp.html
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4DF5F65E.4944.2D034AE4>