Kevin Kinsey wrote:
Robert H. Perry wrote:
I'm running FreeBSD RELEASE 5.4 and recently installed IPF Firewall. I
rarely download files using FTP but have little choice using
portupgrade. Now, during an upgrade, I often see the error message,
"No route to host..."
while connecting with an FTP site. If I disable the IPF/IPNAT rules
the problem no longer exists.
I've followed installation instructions in the Handbook paying particular
attention to the section on IPNAT rules. (I do not claim to entirely
understand what I read however.) My immediate question however is how
current are the instructions? There is a caveat immediately following the
IPF Firewall Section title: "This section is work in progress. The contents
might not be accurate at all times." If it is accurate and should resolve
my FTP problems, I'll simply re-read it until I get it right.
Any other hints are also appreciated.
This would probably fall under your "other hints" category.
Your firewall should be allowing extant connections to continue --- IOW,
showing stateful behavior. Some FTP data connections use high-numbered
ports, and it sounds as if these are being blocked by your firewall. YMMV.
Note that setting FTP_PASSIVE_MODE in your environment might be worth a
shot.
I am sorry that I'm not an IPF user and can't give more detailed help.
Good luck with your issue.
Kevin Kinsey
Thank you for your suggestions. I do run stateful rules and may try
passive FTP.
I just upgraded with portupgrade and noticed some FTP issues (i.e. no
route to host) so I flushed out the ipnat tables and things improved.
Is that my imagination or just coincidence?
And Daniel, thanks for your suggestions including the active/passive
illustrations.
Bob Perry
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions