From: Jose Borquez
Date: Mon, 12 Dec 2005 23:35:38 -0800
To: Matthew Seaman
Cc: FreeBSD Questions group
Subject: Re: pkg_add blocked by IPFirewall

Matthew Seaman wrote:

> Jose Borquez wrote:
>
>> I am attempting to install cvsup using pkg_add -r but I keep getting
>> the following error:
>>
>> Error: FTP Unable to get
>> ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/Latest/cvsup-without-gui.tbz:
>> No route to host
>> pkg_add: unable to fetch
>> 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/Latest/cvsup-without-gui.tbz'
>> by URL
>>
>> I know that it is being blocked by my firewall. What are the tcp and
>> udp ports that I need to open up for pkg_add to get the package?
>
> You will need to:
>
> a) set FTP_PASSIVE_MODE=yes in your environment. It should be set by
> default.
>
> b) Configure your firewall to allow stateful outgoing tcp connections
> to any IP port 21 and also to any port in the 'high ports' range.
> On FreeBSD by default that's 49152-65535. Other OSes differ. The
> 'high ports' range is configurable by modifying the
> net.inet.ip.portrange.hifirst and net.inet.ip.portrange.hilast
> sysctls.
>
> That should let you use PASV or EPSV-style passive mode FTP through
> your firewall. It's not possible to effectively firewall active mode
> FTP clients (let alone FTP servers) satisfactorily without using an FTP
> proxy on your firewall, such as ftp-proxy(8). For a personal machine just
> allowing passive mode FTP will be sufficient.
>
> Cheers,
>
> Matthew

That was very helpful. It worked! Thank you.

Jose
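
The firewall change described in Matthew Seaman's reply, as an added example that is not part of the original thread: a shell script that reads the two sysctls he names and prints matching ipfw rules for review before loading. The rule numbers (1000-1020), the function names and the fallback to the default range quoted in the reply are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: print ipfw rules for outbound passive FTP
# as described in the reply (stateful TCP to port 21 and to the high ports).
# Rule numbers 1000-1020 and the function names are assumptions.

# Succeeds only for a decimal TCP port number in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# passive_ftp_rules HIFIRST HILAST: print the rules, or fail on a bad range.
passive_ftp_rules() {
    if ! is_port "$1" || ! is_port "$2"; then
        echo "passive_ftp_rules: ports must be integers in 1-65535" >&2
        return 1
    fi
    if [ "$1" -gt "$2" ]; then
        echo "passive_ftp_rules: hifirst ($1) is above hilast ($2)" >&2
        return 1
    fi
    # check-state matches return traffic against the dynamic rules that
    # keep-state creates, so no inbound "allow" rule is needed.
    echo "ipfw add 1000 check-state"
    # FTP control connection.
    echo "ipfw add 1010 allow tcp from me to any 21 out setup keep-state"
    # Passive-mode data connection: the client connects out to a high port.
    echo "ipfw add 1020 allow tcp from me to any $1-$2 out setup keep-state"
}

# Use the live range where the sysctls exist; otherwise fall back to the
# FreeBSD defaults quoted in the reply.
hifirst=$(sysctl -n net.inet.ip.portrange.hifirst 2>/dev/null) || hifirst=49152
hilast=$(sysctl -n net.inet.ip.portrange.hilast 2>/dev/null) || hilast=65535

passive_ftp_rules "$hifirst" "$hilast"
# After loading the rules, retry the fetch with passive mode set:
#   FTP_PASSIVE_MODE=yes pkg_add -r <package>
```

Both allow rules match only outbound connection setup, so nothing on the machine becomes reachable from outside.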