Date: Mon, 12 Dec 2005 23:35:38 -0800 From: Jose Borquez <bsdlists@sbcglobal.net> To: Matthew Seaman <m.seaman@infracaninophile.co.uk> Cc: FreeBSD Questions group <freebsd-questions@freebsd.org> Subject: Re: pkg_add blocked by IPFirewall Message-ID: <439E79CA.3050208@sbcglobal.net> In-Reply-To: <439E6D33.5040102@infracaninophile.co.uk> References: <439E5ED8.40401@sbcglobal.net> <439E6D33.5040102@infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Seaman wrote: > Jose Borquez wrote: > >> I am attempting to install cvsup using pkg_add -r but I keep getting >> the following error: >> >> Error: FTP Unable to get >> ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/Latest/cvsup-without-gui.tbz: >> >> No route to host pkg_add: unable to fetch >> 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/Latest/cvsup-without-gui.tbz' >> >> by URL >> >> I know that it is being blocked by my firewall. What are the tcp and >> udp ports that I need to open up for pkg_add to get the package? > > > You will need to: > > a) set FTP_PASSIVE_MODE=yes in your environment. It should be set by > default. > > b) Configure your firewall to allow stateful outgoing tcp connections > to any IP port 21 and also to any port in the 'high ports' range. > On FreeBSD by default that's 49152-65535. Other OSes differ. The > 'high ports' range is configurable by modifying the > net.inet.ip.portrange.hifirst and net.inet.ip.portrange.hilast > sysctls. > > That should let you use PASV or EPSV-style passive mode FTP through > your firewall. It's not possible to effectively firewall active mode > FTP clients (let alone FTP servers) satisfactorily without using an FTP > proxy on your firewall, such as ftp-proxy(8). For a personal machine just > allowing passive mode FTP will be sufficient. > > Cheers, > > Matthew > That was very helpful. It worked! Thank you. Jose
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?439E79CA.3050208>