Re: cannot ftp using proxy
I found that environment variables were set through /etc/login.conf, like this:

root:\
        :ignorenologin:\
        :setenv=http_proxy=http\c//myproxy\c8080,ftp_proxy=http\c//myproxy\c8080:\
        :tc=default:

After cutting "setenv" part in login.conf and setting proxy in .cshrc, I can "ftp" using proxy.

Thank you for help!
VS.

On Mon, 3 Jun 2013, Lawrence K. Chen, P.Eng. wrote:

Delving through the source code...it appears that it only uses the ftp_proxy when given an ftp url something like:

ftp ftp://ftp.freebsd.org/pub/FreeBSD/README.TXT
Requesting ftp://ftp.freebsd.org/pub/FreeBSD/README.TXT
  (via www-proxy.ksu.edu:8080)
100% |***| 3795 26.38 KiB/s 00:00 ETA
3795 bytes retrieved in 00:00 (26.36 KiB/s)

Only the fetch side uses proxy (triggered by there being a ':' in the argument.) The interactive ftp side doesn't.

- Original Message -

Hello!
Still can't resolve problem with "ftp" utility.

root@ona:/root # ftp ftp2.freebsd.org
ftp: Can't connect to `128.205.32.24:21': Operation timed out
ftp: Can't connect to `ftp2.freebsd.org:ftp'
ftp>

"sockstat -4" tells me that it is not even trying to connect to proxy server, connecting directly instead:

root@ona:/root # sockstat -4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     ftp        54160 3  tcp4   10.10.15.26:50457     128.205.32.24:21

root@ona:/root # uname -a
FreeBSD ona.iem.gov.lv 9.1-RELEASE-p3 FreeBSD 9.1-RELEASE-p3 #0: Mon Apr 29 18:27:25 UTC 2013 r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64

root@ona:/root # env
TERM=screen
ftp_proxy=http://myproxy:8080
http_proxy=http://myproxy:8080
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin
SHELL=/bin/csh
HOME=/root
USER=root
HOSTTYPE=FreeBSD
VENDOR=amd
OSTYPE=FreeBSD
MACHTYPE=x86_64
SHLVL=1
PWD=/root
LOGNAME=root
GROUP=wheel
HOST=ona
EDITOR=vi
PAGER=more
BLOCKSIZE=K

Tried to google with no luck - no solution works for me. By the way, "fetch" works as expected, I can fetch and install ports.
I would appreciate any help and/or any hints!

Best regards!
VS.

--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
Phone: (785) 532-4916 - Fax: (785) 532-3515 - Email: lkc...@ksu.edu
Web: http://www-personal.ksu.edu/~lkchen - Where: 11 Hale Library

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: cannot ftp using proxy
Delving through the source code...it appears that it only uses the ftp_proxy when given an ftp url something like:

> ftp ftp://ftp.freebsd.org/pub/FreeBSD/README.TXT
Requesting ftp://ftp.freebsd.org/pub/FreeBSD/README.TXT
  (via www-proxy.ksu.edu:8080)
100% |***| 3795 26.38 KiB/s 00:00 ETA
3795 bytes retrieved in 00:00 (26.36 KiB/s)

Only the fetch side uses proxy (triggered by there being a ':' in the argument.) The interactive ftp side doesn't.

- Original Message -
> Hello!
> Still can't resolve problem with "ftp" utility.
>
> root@ona:/root # ftp ftp2.freebsd.org
> ftp: Can't connect to `128.205.32.24:21': Operation timed out
> ftp: Can't connect to `ftp2.freebsd.org:ftp'
> ftp>
>
> "sockstat -4" tells me that it is not even trying to connect to proxy
> server, connecting directly instead:
>
> root@ona:/root # sockstat -4
> USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
> root     ftp        54160 3  tcp4   10.10.15.26:50457     128.205.32.24:21
>
> root@ona:/root # uname -a
> FreeBSD ona.iem.gov.lv 9.1-RELEASE-p3 FreeBSD 9.1-RELEASE-p3 #0: Mon Apr 29 18:27:25 UTC 2013 r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
>
> root@ona:/root # env
> TERM=screen
> ftp_proxy=http://myproxy:8080
> http_proxy=http://myproxy:8080
> PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin
> SHELL=/bin/csh
> HOME=/root
> USER=root
> HOSTTYPE=FreeBSD
> VENDOR=amd
> OSTYPE=FreeBSD
> MACHTYPE=x86_64
> SHLVL=1
> PWD=/root
> LOGNAME=root
> GROUP=wheel
> HOST=ona
> EDITOR=vi
> PAGER=more
> BLOCKSIZE=K
>
> Tried to google with no luck - no solution works for me. By the way,
> "fetch" works as expected, I can fetch and install ports.
> I would appreciate any help and/or any hints!
>
> Best regards!
> VS.

--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
Phone: (785) 532-4916 - Fax: (785) 532-3515 - Email: lkc...@ksu.edu
Web: http://www-personal.ksu.edu/~lkchen - Where: 11 Hale Library
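
The behaviour described in the message above matters for egress control: an interactive ftp session ignores the proxy variables and dials the server itself. The sketch below is an added example, not code from the thread or from FreeBSD; it predicts which path ftp(1) will take for a given argument and picks direct FTP control connections out of `sockstat -4` output. The function names are hypothetical, and the second sockstat row and its proxy address 10.10.15.1 are constructed.

```shell
#!/bin/sh
# Added example, not from the thread or from FreeBSD. ftp_route,
# direct_ftp_sockets and SAMPLE_SOCKSTAT are names chosen for this sketch.

# ftp_route ARG
# Predict how ftp(1) will reach the server for ARG, using the rules quoted in
# the thread: the proxy variables are lower-case, and they apply to URL
# fetches only, never to an interactive session started with a bare host name.
ftp_route() {
    case "$1" in
        ftp://*)  lname=ftp_proxy;  lval=${ftp_proxy:-}
                  uname=FTP_PROXY;  uval=${FTP_PROXY:-} ;;
        http://*) lname=http_proxy; lval=${http_proxy:-}
                  uname=HTTP_PROXY; uval=${HTTP_PROXY:-} ;;
        *) echo "direct: interactive session, proxy variables are not consulted"
           return 0 ;;
    esac
    if [ -n "$lval" ]; then
        echo "proxy: $lval"
    elif [ -n "$uval" ]; then
        echo "direct: $uname is set, but ftp reads only $lname"
    else
        echo "direct: $lname is not set"
    fi
}

# direct_ftp_sockets
# Read `sockstat -4` output on stdin and print "PID FOREIGN-ADDRESS" for every
# TCP socket whose foreign port is 21. A proxied fetch talks to the proxy port,
# so a socket to port 21 is a control connection that bypassed the proxy.
direct_ftp_sockets() {
    awk '$5 ~ /^tcp/ && $7 ~ /:21$/ { print $3, $7 }'
}

# First data row is the socket shown in the thread; the second row is
# constructed and assumes a proxy listening on 10.10.15.1:8080.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     ftp        54160 3  tcp4   10.10.15.26:50457     128.205.32.24:21
root     fetch      54201 3  tcp4   10.10.15.26:50460     10.10.15.1:8080'

# Demonstration; each case runs in a subshell so the caller's environment
# is left untouched.
ftp_route ftp2.freebsd.org
( unset ftp_proxy; FTP_PROXY=http://myproxy:8080
  ftp_route ftp://ftp.freebsd.org/pub/FreeBSD/README.TXT )
( ftp_proxy=http://myproxy:8080
  ftp_route ftp://ftp.freebsd.org/pub/FreeBSD/README.TXT )
printf '%s\n' "$SAMPLE_SOCKSTAT" | direct_ftp_sockets
```

On a live host, pipe the real command into the second function: `sockstat -4 | direct_ftp_sockets`.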
cannot ftp using proxy
Hello!
Still can't resolve problem with "ftp" utility.

root@ona:/root # ftp ftp2.freebsd.org
ftp: Can't connect to `128.205.32.24:21': Operation timed out
ftp: Can't connect to `ftp2.freebsd.org:ftp'
ftp>

"sockstat -4" tells me that it is not even trying to connect to proxy server, connecting directly instead:

root@ona:/root # sockstat -4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     ftp        54160 3  tcp4   10.10.15.26:50457     128.205.32.24:21

root@ona:/root # uname -a
FreeBSD ona.iem.gov.lv 9.1-RELEASE-p3 FreeBSD 9.1-RELEASE-p3 #0: Mon Apr 29 18:27:25 UTC 2013 r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64

root@ona:/root # env
TERM=screen
ftp_proxy=http://myproxy:8080
http_proxy=http://myproxy:8080
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin
SHELL=/bin/csh
HOME=/root
USER=root
HOSTTYPE=FreeBSD
VENDOR=amd
OSTYPE=FreeBSD
MACHTYPE=x86_64
SHLVL=1
PWD=/root
LOGNAME=root
GROUP=wheel
HOST=ona
EDITOR=vi
PAGER=more
BLOCKSIZE=K

Tried to google with no luck - no solution works for me. By the way, "fetch" works as expected, I can fetch and install ports.
I would appreciate any help and/or any hints!

Best regards!
VS.
Re: cannot use ftp utility through proxy
Tried "ftp_proxy=http://proxyserver:8080" - no connection to proxy server.

root@:/root # env
TERM=screen
FTP_PROXY=http://proxyserver:8080
HTTP_PROXY=http://proxyserver:8080
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin
SHELL=/bin/csh
HOME=/root
USER=root
HOSTTYPE=FreeBSD
VENDOR=amd
OSTYPE=FreeBSD
MACHTYPE=x86_64
SHLVL=1
PWD=/root
LOGNAME=root
GROUP=wheel
HOST=myserver
EDITOR=vi
PAGER=more
BLOCKSIZE=K
FETCH_CMD=/usr/bin/fetch -ARrvp -T 10
ftp_proxy=http://proxyserver:8080

Thank You!
VS.

On Tue, 28 May 2013, Polytropon wrote:

On Tue, 28 May 2013 07:08:12 +0300 (EEST), vad...@libre.lv wrote:

Hello!
Can someone help me, please?

Have no luck setting up ftp utility for using proxy.
Already have set environment variables:
FTP_PROXY=http://proxyserver:8080
HTTP_PROXY=http://proxyserver:8080

When try to connect:
root# root@zerver:/root # ftp -a ftp2.FreeBSD.org
root# ftp: Can't connect to `128.205.32.24:21': Operation timed out
root# ftp: Can't connect to `ftp2.FreeBSD.org:ftp'

Used tcpdump to check where it connects:
root# tcpdump -n -ttt -i em0 port ftp

& I can see, that ftp is trying to connect directly to 128.205.32.24.21.

I think I can see the problem. Please check "man ftp" for the correct name of the environment variables. Unlike typical for many other programs, those for ftp are written in lower case:

     ftp_proxy     URL of FTP proxy to use when making FTP URL requests (if
                   not defined, use the standard FTP protocol).
                   See http_proxy for further notes about proxy use.

     http_proxy    URL of HTTP proxy to use when making HTTP URL requests.
                   If proxy authentication is required and there is a
                   username and password in this URL, they will
                   automatically be used in the first attempt to
                   authenticate to the proxy.

                   If ``unsafe'' URL characters are required in the
                   username or password (for example `@' or `/'), encode
                   them with RFC 1738 `%XX' encoding.

                   Note that the use of a username and password in
                   ftp_proxy and http_proxy may be incompatible with other
                   programs that use it (such as lynx(1)).

                   NOTE: this is not used for interactive sessions, only
                   for command-line fetches.

You can also interactively set those (again, see "man ftp" for more details).

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
Re: cannot use ftp utility through proxy
On Tue, May 28, 2013 at 07:08:12AM +0300, vad...@libre.lv wrote:
> Hello!
> Can someone help me, please?
>
> Have no luck setting up ftp utility for using proxy.
> Already have set environment variables:
> FTP_PROXY=http://proxyserver:8080
> HTTP_PROXY=http://proxyserver:8080
>
> When try to connect:
> root# root@zerver:/root # ftp -a ftp2.FreeBSD.org
> root# ftp: Can't connect to `128.205.32.24:21': Operation timed out
> root# ftp: Can't connect to `ftp2.FreeBSD.org:ftp'
>
> Used tcpdump to check where it connects:
> root# tcpdump -n -ttt -i em0 port ftp
>
> & I can see, that ftp is trying to connect directly to 128.205.32.24.21.
>
> Tried to use this env variable, but without acceptable results:
> FETCH_CMD=/usr/bin/fetch -ARrvp -T 10
>
> uname -a
> 9.1-RELEASE-p3 FreeBSD 9.1-RELEASE-p3 #0: Mon Apr 29 18:27:25 UTC
> 2013 r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
> amd64
>
> Excuse my language, not native English.
>
> Have a lucky day!
> VS.

According to the ftp manpage, the variables for proxying are:

     ftp_proxy     URL of FTP proxy to use when making FTP URL requests (if
                   not defined, use the standard FTP protocol).
                   See http_proxy for further notes about proxy use.

     http_proxy    URL of HTTP proxy to use when making HTTP URL requests.
                   If proxy authentication is required and there is a
                   username and password in this URL, they will
                   automatically be used in the first attempt to
                   authenticate to the proxy.

                   If ``unsafe'' URL characters are required in the
                   username or password (for example `@' or `/'), encode
                   them with RFC3986 `%XX' encoding.

                   Note that the use of a username and password in
                   ftp_proxy and http_proxy may be incompatible with other
                   programs that use it (such as lynx(1)).

                   NOTE: this is not used for interactive sessions, only
                   for command-line fetches.

Notice the capitalization, "ftp_proxy" as opposed to "FTP_PROXY". Not sure why environment variables are not all caps, seems inconsistent.

--
staticsafe
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
Please don't top post - http://goo.gl/YrmAb
Don't CC me! I'm subscribed to whatever list I just posted on.
Re: cannot use ftp utility through proxy
On Tue, 28 May 2013 07:08:12 +0300 (EEST), vad...@libre.lv wrote:
> Hello!
> Can someone help me, please?
>
> Have no luck setting up ftp utility for using proxy.
> Already have set environment variables:
> FTP_PROXY=http://proxyserver:8080
> HTTP_PROXY=http://proxyserver:8080
>
> When try to connect:
> root# root@zerver:/root # ftp -a ftp2.FreeBSD.org
> root# ftp: Can't connect to `128.205.32.24:21': Operation timed out
> root# ftp: Can't connect to `ftp2.FreeBSD.org:ftp'
>
> Used tcpdump to check where it connects:
> root# tcpdump -n -ttt -i em0 port ftp
>
> & I can see, that ftp is trying to connect directly to 128.205.32.24.21.

I think I can see the problem. Please check "man ftp" for the correct name of the environment variables. Unlike typical for many other programs, those for ftp are written in lower case:

     ftp_proxy     URL of FTP proxy to use when making FTP URL requests (if
                   not defined, use the standard FTP protocol).
                   See http_proxy for further notes about proxy use.

     http_proxy    URL of HTTP proxy to use when making HTTP URL requests.
                   If proxy authentication is required and there is a
                   username and password in this URL, they will
                   automatically be used in the first attempt to
                   authenticate to the proxy.

                   If ``unsafe'' URL characters are required in the
                   username or password (for example `@' or `/'), encode
                   them with RFC 1738 `%XX' encoding.

                   Note that the use of a username and password in
                   ftp_proxy and http_proxy may be incompatible with other
                   programs that use it (such as lynx(1)).

                   NOTE: this is not used for interactive sessions, only
                   for command-line fetches.

You can also interactively set those (again, see "man ftp" for more details).

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
cannot use ftp utility through proxy
Hello!
Can someone help me, please?

Have no luck setting up ftp utility for using proxy.
Already have set environment variables:
FTP_PROXY=http://proxyserver:8080
HTTP_PROXY=http://proxyserver:8080

When try to connect:
root# root@zerver:/root # ftp -a ftp2.FreeBSD.org
root# ftp: Can't connect to `128.205.32.24:21': Operation timed out
root# ftp: Can't connect to `ftp2.FreeBSD.org:ftp'

Used tcpdump to check where it connects:
root# tcpdump -n -ttt -i em0 port ftp

& I can see, that ftp is trying to connect directly to 128.205.32.24.21.

Tried to use this env variable, but without acceptable results:
FETCH_CMD=/usr/bin/fetch -ARrvp -T 10

uname -a
9.1-RELEASE-p3 FreeBSD 9.1-RELEASE-p3 #0: Mon Apr 29 18:27:25 UTC 2013 r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64

Excuse my language, not native English.

Have a lucky day!
VS.
Re: Installing 8.1-RELEASE - Problems via FTP
- Original Message -
>
> On May 21, 2013, at 9:39 AM, Tim Nelson wrote:
>
> > Greetings-
> >
> > I have need to install FreeBSD 8.1-RELEASE amd64 to build some
> > packages. My usual method of installation is via the
> > *-bootonly.iso, pulling the install from FTP. However, it appears
> > since 8.1-RELEASE is old and deprecated, none of the mirrors have
> > the files available anymore to use during the installer.
> >
>
> Poppycock…
>
> BEFORE you get to the sysinstall media selection dialog, make a
> detour into the "Options", use arrow-up/down to highlight "Release
> Name", press SPACEBAR, and change from X.Y-RELEASE to "any" (without
> quotes; also acceptable would be "__RELEASE" without quotes).
>
> NOTE: This will tell sysinstall to *not* try and auto-detect the
> release directory path on the FTP server but instead use the exact
> path that you give it.
>
> When you get to the media selection dialog, use FTP-Passive with the
> following URL:
>
> ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/
>
> That should work. The "any" (or "__RELEASE") release-name tells it to
> not try things like "pub/FreeBSD/releases//" (which
> obviously doesn't exist, given extra "-Archive" and "old-" prefixes
> in some of the path directory elements).
>

This worked perfectly, no problems. Thanks for the help!

--Tim
Re: Installing 8.1-RELEASE - Problems via FTP
On May 21, 2013, at 9:39 AM, Tim Nelson wrote:

> Greetings-
>
> I have need to install FreeBSD 8.1-RELEASE amd64 to build some packages. My
> usual method of installation is via the *-bootonly.iso, pulling the install
> from FTP. However, it appears since 8.1-RELEASE is old and deprecated, none
> of the mirrors have the files available anymore to use during the installer.
>

Poppycock…

BEFORE you get to the sysinstall media selection dialog, make a detour into the "Options", use arrow-up/down to highlight "Release Name", press SPACEBAR, and change from X.Y-RELEASE to "any" (without quotes; also acceptable would be "__RELEASE" without quotes).

NOTE: This will tell sysinstall to *not* try and auto-detect the release directory path on the FTP server but instead use the exact path that you give it.

When you get to the media selection dialog, use FTP-Passive with the following URL:

ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/

That should work. The "any" (or "__RELEASE") release-name tells it to not try things like "pub/FreeBSD/releases//" (which obviously doesn't exist, given extra "-Archive" and "old-" prefixes in some of the path directory elements).

> So, how do I proceed:
>
> 1. Does anyone have a proper URL to put into the installer? I already tried
> ftp://ftp-archive.freebsd.org but I think there is additional path info needed

Right… but you really need to make the detour into the "Options" and change "Release Name" to either "any" or "__RELEASE" to indicate that the path you are providing is absolute (otherwise, sysinstall tries to intelligently find the directory based off the architecture that it booted from -- this was done to make maintenance easier).

Just go into the Options and set "Release Name" to "any" (HINT: if you were scripting sysinstall, you'd be able to do the same thing with "relName=any") and then use:

ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE

NOTE: Replace i386 with amd64 if you want 64-bit build

> 2. Should I install from the full CD or DVDs? If successful, would I still
> have problems pulling the ports tree for 8.1-RELEASE?
>

If you use the above method, you can have the CD pull the static ports collection off the FTP server. However, (and this may be what you desire) just note that the ports collection when installed from an FTP mirror is not an up-to-date snapshot of the constantly-shifting ports tree.

--
DevinD
Installing 8.1-RELEASE - Problems via FTP
Greetings-

I have need to install FreeBSD 8.1-RELEASE amd64 to build some packages. My usual method of installation is via the *-bootonly.iso, pulling the install from FTP. However, it appears since 8.1-RELEASE is old and deprecated, none of the mirrors have the files available anymore to use during the installer.

So, how do I proceed:

1. Does anyone have a proper URL to put into the installer? I already tried ftp://ftp-archive.freebsd.org but I think there is additional path info needed

2. Should I install from the full CD or DVDs? If successful, would I still have problems pulling the ports tree for 8.1-RELEASE?

Thanks!

--Tim
RE: Problems with IPFW causing failed DNS and FTP sessions
My DNS config is pretty generic. I did try putting in the options to stop recursive lookups, but all that did was cause even more failures (permission denied lookups, etc...), so I removed that.

Here's my basic config;

options {
        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
};

zone "." {
        type hint;
        file "named.root";
};

I'm not sure the problem is specific to named, but something more systemic with IPFW like I said, FTP sessions are timing out as well, and when I turn off IPFW that fixes that problem too.

Is there any way to monitor what IPFW is dropping, by some sort of counters rather than logging everything, and see what's going on internally to IPFW?

Thanks!

-Original Message-
From: Michael Sierchio [mailto:ku...@tenebras.com]
Sent: Monday, April 01, 2013 7:23 AM
To: Don O'Neil
Cc: freebsd-questions@freebsd.org
Subject: Re: Problems with IPFW causing failed DNS and FTP sessions

Okay, what's your DNS setup? Are you running a recursive cache that contacts the root servers directly? Using your ISP's servers? Etc.

As a mitigation step, I tried pointing my caches to 8.8.8.8 and 8.8.4.4. - but it turns out that Google is intentionally blocking (returning NX responses to) many netblocks right now because they contain hosts known to be part of the botnet in the DDOS DNS amplification attack.

I'm mirroring the root zone everywhere I have a cache, and it's helping.
Re: Problems with IPFW causing failed DNS and FTP sessions
Okay, what's your DNS setup? Are you running a recursive cache that contacts the root servers directly? Using your ISP's servers? Etc.

As a mitigation step, I tried pointing my caches to 8.8.8.8 and 8.8.4.4. - but it turns out that Google is intentionally blocking (returning NX responses to) many netblocks right now because they contain hosts known to be part of the botnet in the DDOS DNS amplification attack.

I'm mirroring the root zone everywhere I have a cache, and it's helping.
RE: Problems with IPFW causing failed DNS and FTP sessions
Well I tried changing them to various numbers up to 180 from 1 and 5 respectively and that didn't help.

Anyone else get around all this DNS mess with timeouts? It's causing my mail server to throw errors; host lookup did not complete and not deliver mail.

-Original Message-
From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Michael Sierchio
Sent: Sunday, March 31, 2013 10:04 PM
To: Don O'Neil
Cc: freebsd-questions@freebsd.org
Subject: Re: Problems with IPFW causing failed DNS and FTP sessions

net.inet.ip.fw.dyn_short_lifetime ?
net.inet.ip.fw.dyn_udp_lifetime ?

You might want to increase these, given the current state of things...
Re: Problems with IPFW causing failed DNS and FTP sessions
net.inet.ip.fw.dyn_short_lifetime ?
net.inet.ip.fw.dyn_udp_lifetime ?

You might want to increase these, given the current state of things...
Re: Problems with IPFW causing failed DNS and FTP sessions
On Sun, Mar 31, 2013 at 9:39 PM, Michael Powell wrote:

> I'm probably not smart enough to be able to help directly with your problem
> but I'd like to add that there is a snowballing DNS Amplification ddos
> attack against SpamHaus going on which is spilling over

Yes, this is very much true. The ICANN servers are dropping packets like mad, and many of the .com servers as well. I am mirroring the root zone locally to mitigate.

It works to forward DNS to Google's servers (8.8.8.8, 8.8.4.4.) EXCEPT - they are blocking some net blocks (issuing spurious negative responses) because of large numbers of nets with hosts in the botnet participating in the attack.

- M
Re: Problems with IPFW causing failed DNS and FTP sessions
I'll give you a more cogent reply tomorrow - if you use keep-state rules, you want to be a little more specific - for tcp, you want "allow tcp from X to Y setup keep-state" - i.e. you start the stateful rule on packets that have the SYN flag set.

There are some other oddities here - I'm guessing that the firewall rules are there to protect this box itself... in which case your stateful rules really need only to consider "outbound" traffic, and to allow replies. Let me know if that assumption is erroneous.

More later. Time for

- M

On Sun, Mar 31, 2013 at 9:33 PM, Don O'Neil wrote:
> Thanks for the response... here's my full ruleset:
>
> # ipfw list
> 00100 check-state
> 00101 allow tcp from any to any established
> 00102 allow ip from any to any out keep-state
> 00103 allow icmp from any to any
> 00201 allow ip from any to any via lo0
> 00202 allow ip from any to 127.0.0.0/8
> 00203 allow ip from 127.0.0.0/8 to any
> 00204 deny tcp from any to any frag
> 00301 deny log logamount 50 ip from any to any ipoptions rr
> 00302 deny log logamount 50 ip from any to any ipoptions ts
> 00303 deny log logamount 50 ip from any to any ipoptions lsrr
> 00304 deny log logamount 50 ip from any to any ipoptions ssrr
> 00305 deny log logamount 50 tcp from any to any tcpflags syn,fin
> 00306 deny log logamount 50 tcp from any to any tcpflags syn,rst
> 01110 allow tcp from any to any dst-port 20 in
> 0 allow tcp from any to any dst-port 20 out
> 01112 allow tcp from any to any dst-port 21 in
> 01113 allow tcp from any to any dst-port 21 out
> 01114 allow tcp from any to any dst-port 990 in
> 01115 allow tcp from any to any dst-port 990 out
> 01116 allow udp from any to any dst-port 990 in
> 01117 allow udp from any to any dst-port 990 out
> 01118 allow tcp from any to any dst-port 989 in
> 01119 allow tcp from any to any dst-port 989 out
> 01120 allow udp from any to any dst-port 989 in
> 01121 allow udp from any to any dst-port 989 out
> 01122 allow tcp from any to any dst-port 1024-65000 keep-state
> 01125 allow tcp from any to any dst-port 22 in
> 01126 allow tcp from any to any dst-port 22 out
> 01130 allow tcp from any to any dst-port 25 in
> 01131 allow tcp from any to any dst-port 25 out
> 01132 allow tcp from any to any dst-port 587 in
> 01133 allow tcp from any to any dst-port 587 out
> 01134 allow tcp from any to any dst-port 2525 in
> 01135 allow tcp from any to any dst-port 2525 out
> 01140 allow tcp from any to any dst-port 110 in
> 01141 allow tcp from any to any dst-port 110 out
> 01142 allow tcp from any to any dst-port 995 in
> 01143 allow tcp from any to any dst-port 995 out
> 01144 allow tcp from any to any dst-port 2110 in
> 01145 allow tcp from any to any dst-port 2110 out
> 01150 allow tcp from any to any dst-port 143 in
> 01151 allow tcp from any to any dst-port 143 out
> 01152 allow tcp from any to any dst-port 993 in
> 01153 allow tcp from any to any dst-port 993 out
> 01160 allow udp from any to any dst-port 53 in keep-state
> 01161 allow tcp from any to any dst-port 53 in keep-state
> 01162 allow udp from any to any dst-port 53 out keep-state
> 01163 allow tcp from any to any dst-port 53 out keep-state
> 01170 allow tcp from any to any dst-port 80 in
> 01171 allow tcp from any to any dst-port 80 out
> 01172 allow tcp from any to any dst-port 443 in
> 01172 allow tcp from any to any dst-port 443 out
> 01180 allow tcp from any to any dst-port in
> 01181 allow tcp from any to any dst-port out
> 65535 deny ip from any to any
>
>
> I've tried these rules;
>
> 01160 allow udp from any to any dst-port 53 in
> 01161 allow tcp from any to any dst-port 53 in
> 01162 allow udp from any to any dst-port 53 out
> 01163 allow tcp from any to any dst-port 53 out
>
> Without the keep-state option, and the problem is still persisting...
>
> The weird thing is that I've run these rules for a number of years without
> any issues until just recently. I've checked my interface stats to make sure
> there aren't a bunch of fragmented packets or errors, and there aren't. I'm
> not running NAT, it's a publicly accessible IP address.
>
> -Original Message-
> From: Michael Sierchio [mailto:ku...@tenebras.com]
> Sent: Sunday, March 31, 2013 8:58 PM
> To: Don O'Neil
> Cc: freebsd-questions@freebsd.org
> Subject: Re: Problems with IPFW causing failed DNS and FTP sessions
>
> It would be really helpful if you'd post the ruleset.
>
> At first glance, your stateful rules seem rather wrong, unless there's a
> check-state above. Also, in and out aren't discriminating enough - every
> packet is seen by the ruleset more than once. You should thi
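
The "setup keep-state" advice in the reply above can be checked mechanically. The sketch below is an added example, not part of the thread or of ipfw: it reads `ipfw list` output, finds TCP allow rules that create dynamic state on any packet rather than only on the opening SYN, and prints each with `setup` inserted. The function name lint_keep_state is hypothetical; the sample rules are copied from the ruleset quoted above.

```shell
#!/bin/sh
# Added example, not from the thread or from ipfw. lint_keep_state and RULES
# are names chosen for this sketch.

# lint_keep_state
# Read `ipfw list` output on stdin. For every "allow tcp ... keep-state" rule
# that lacks "setup", print "RULENUM: <rule body with setup added>".
# In ipfw(8), "setup" matches TCP packets with SYN set and ACK clear, so the
# rewritten rule creates state only when a connection is being opened.
lint_keep_state() {
    awk '
    NF < 3 { next }                      # blank lines and bare "check-state"
    {
        i = 2
        action = $i; i++
        if ($i == "log") {               # skip optional "log [logamount N]"
            i++
            if ($i == "logamount") i += 2
        }
        proto = $i
        keep = 0; setup = 0
        for (j = i + 1; j <= NF; j++) {
            if ($j == "keep-state") keep = 1
            if ($j == "setup")      setup = 1
        }
        # Only TCP allow rules are rewritten. A rule with protocol "ip"
        # (00102 in the sample) also covers UDP and ICMP, so it is left
        # for manual review.
        if (action != "allow" || proto != "tcp" || !keep || setup) next
        fixed = ""
        for (j = 2; j <= NF; j++) {
            if ($j == "keep-state") fixed = fixed " setup"
            fixed = fixed " " $j
        }
        print $1 ":" fixed
    }'
}

# Rules copied from the ruleset posted in the thread.
RULES='00100 check-state
00101 allow tcp from any to any established
00102 allow ip from any to any out keep-state
00305 deny log logamount 50 tcp from any to any tcpflags syn,fin
01122 allow tcp from any to any dst-port 1024-65000 keep-state
01160 allow udp from any to any dst-port 53 in keep-state
01161 allow tcp from any to any dst-port 53 in keep-state
01162 allow udp from any to any dst-port 53 out keep-state
01163 allow tcp from any to any dst-port 53 out keep-state
01170 allow tcp from any to any dst-port 80 in'

printf '%s\n' "$RULES" | lint_keep_state
```

On a live host, run `ipfw list | lint_keep_state` and review each suggested rule before loading it.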
Re: Problems with IPFW causing failed DNS and FTP sessions
Don O'Neil wrote:

> Hi everyone. recently my server started having issues with DNS and FTP
> sessions either not resolving or timing out. I've tracked the issue down
> to IPFW. if I issue a 'sysctl net.inet.ip.fw.enable=0' then my issues go
> away.
>
[snip]

I'm probably not smart enough to be able to help directly with your problem but I'd like to add that there is a snowballing DNS Amplification ddos attack against SpamHaus going on which is spilling over. I was looking at some weird stuff my Suricata was reporting today when I noticed a large majority of it was coming from CloudFlare CDN. They use anycast packet traffic to deflect and diffuse such attacks for their customers.

I'm wondering if your box has just been sitting there doing its thing and you've made zero changes to it so it is essentially 'steady state' and this problem just sort of came up seemingly out of nowhere. Consider a possibility that the cause may be external and what you're seeing is just IPFW's reaction to it.

A friend of mine is on a nearby Verizon subnet and he uses their DNS servers. He noticed minimal hiccup while I have my DNS pointed at OpenDNS and it took them almost a day to get their situation under control. Once they did traffic seemed to return to normal, then I noticed Suricata alerting on return traffic in my pf DNS firewall rule. All the traffic Suricata was complaining about was coming from the CloudFlare CDN.

I've never seen this before, so I'm not completely certain what to make of it. My hypothesis is OpenDNS subscribed to CloudFlare's "protection", and since it is legit return traffic from my DNS server's lookups the firewall never touched it. I would never have noticed if it wasn't for Suricata.

I just don't know enough about it all, just that I was having some flaky DNS stalling and hanging and when it seemed like it returned to normal I began to see this weird stuff from CloudFlare CDN on my DNS traffic. Just would like to point out it may be possible your problem is somehow just a reflection of some noise going on outside your box. As for exactly what you might do about it is for smarter people than me.

-Mike
RE: Problems with IPFW causing failed DNS and FTP sessions
Thanks for the response... here's my full ruleset:

# ipfw list
00100 check-state
00101 allow tcp from any to any established
00102 allow ip from any to any out keep-state
00103 allow icmp from any to any
00201 allow ip from any to any via lo0
00202 allow ip from any to 127.0.0.0/8
00203 allow ip from 127.0.0.0/8 to any
00204 deny tcp from any to any frag
00301 deny log logamount 50 ip from any to any ipoptions rr
00302 deny log logamount 50 ip from any to any ipoptions ts
00303 deny log logamount 50 ip from any to any ipoptions lsrr
00304 deny log logamount 50 ip from any to any ipoptions ssrr
00305 deny log logamount 50 tcp from any to any tcpflags syn,fin
00306 deny log logamount 50 tcp from any to any tcpflags syn,rst
01110 allow tcp from any to any dst-port 20 in
0 allow tcp from any to any dst-port 20 out
01112 allow tcp from any to any dst-port 21 in
01113 allow tcp from any to any dst-port 21 out
01114 allow tcp from any to any dst-port 990 in
01115 allow tcp from any to any dst-port 990 out
01116 allow udp from any to any dst-port 990 in
01117 allow udp from any to any dst-port 990 out
01118 allow tcp from any to any dst-port 989 in
01119 allow tcp from any to any dst-port 989 out
01120 allow udp from any to any dst-port 989 in
01121 allow udp from any to any dst-port 989 out
01122 allow tcp from any to any dst-port 1024-65000 keep-state
01125 allow tcp from any to any dst-port 22 in
01126 allow tcp from any to any dst-port 22 out
01130 allow tcp from any to any dst-port 25 in
01131 allow tcp from any to any dst-port 25 out
01132 allow tcp from any to any dst-port 587 in
01133 allow tcp from any to any dst-port 587 out
01134 allow tcp from any to any dst-port 2525 in
01135 allow tcp from any to any dst-port 2525 out
01140 allow tcp from any to any dst-port 110 in
01141 allow tcp from any to any dst-port 110 out
01142 allow tcp from any to any dst-port 995 in
01143 allow tcp from any to any dst-port 995 out
01144 allow tcp from any to any dst-port 2110 in
01145 allow tcp from any to any dst-port 2110 out
01150 allow tcp from any to any dst-port 143 in
01151 allow tcp from any to any dst-port 143 out
01152 allow tcp from any to any dst-port 993 in
01153 allow tcp from any to any dst-port 993 out
01160 allow udp from any to any dst-port 53 in keep-state
01161 allow tcp from any to any dst-port 53 in keep-state
01162 allow udp from any to any dst-port 53 out keep-state
01163 allow tcp from any to any dst-port 53 out keep-state
01170 allow tcp from any to any dst-port 80 in
01171 allow tcp from any to any dst-port 80 out
01172 allow tcp from any to any dst-port 443 in
01172 allow tcp from any to any dst-port 443 out
01180 allow tcp from any to any dst-port in
01181 allow tcp from any to any dst-port out
65535 deny ip from any to any

I've tried these rules;

01160 allow udp from any to any dst-port 53 in
01161 allow tcp from any to any dst-port 53 in
01162 allow udp from any to any dst-port 53 out
01163 allow tcp from any to any dst-port 53 out

Without the keep-state option, and the problem is still persisting...

The weird thing is that I've run these rules for a number of years without any issues until just recently. I've checked my interface stats to make sure there aren't a bunch of fragmented packets or errors, and there aren't.

I'm not running NAT, it's a publicly accessible IP address.

-Original Message-
From: Michael Sierchio [mailto:ku...@tenebras.com]
Sent: Sunday, March 31, 2013 8:58 PM
To: Don O'Neil
Cc: freebsd-questions@freebsd.org
Subject: Re: Problems with IPFW causing failed DNS and FTP sessions

It would be really helpful if you'd post the ruleset. At first glance, your stateful rules seem rather wrong, unless there's a check-state above. Also, in and out aren't discriminating enough - every packet is seen by the ruleset more than once. You should think in terms of interfaces, direction, etc.

Are you doing NAT? Stateful rules with NAT are indeed possible, but subtle.

Your problem has nothing to do with server load, and probably everything to do with not-terribly-well-conceived ruleset. Please post yours here.

- M

On Sun, Mar 31, 2013 at 8:34 PM, Don O'Neil wrote:
> Hi everyone. recently my server started having issues with DNS and FTP
> sessions either not resolving or timing out. I've tracked the issue
> down to IPFW. if I issue a 'sysctl net.inet.ip.fw.enable=0' then my issues go away.
>
> I have the basic rules like this for dns;
>
> 01160 allow udp from any to any dst-port 53 in keep-state
> 01161 allow tcp from any to any dst-port 53 in keep-state
> 01162 allow udp from any to any dst-port 53 out keep-state
> 01163 allow tcp from any to any dst-port 53 out keep-state
>
> When I try an nslookup sometimes they fail, sometimes they get
> through, even if I change my DNS serv
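The points raised in the quoted reply (a check-state ahead of the stateful rules, in/out without an interface) can be checked mechanically. The following Python lint pass is an added example, not code from the thread or from the ipfw project: it runs over a constructed subset of the posted `ipfw list` output and also reports rules that can never match because an earlier broad allow rule already accepts the packet. The rule grammar is simplified and all function names are hypothetical.

```python
import re

# Constructed sample: a subset of the rules posted in the thread.
SAMPLE_RULESET = """\
00100 check-state
00101 allow tcp from any to any established
00102 allow ip from any to any out keep-state
00103 allow icmp from any to any
00201 allow ip from any to any via lo0
00305 deny log logamount 50 tcp from any to any tcpflags syn,fin
01112 allow tcp from any to any dst-port 21 in
01113 allow tcp from any to any dst-port 21 out
01160 allow udp from any to any dst-port 53 in keep-state
01162 allow udp from any to any dst-port 53 out keep-state
01180 allow tcp from any to any dst-port in
65535 deny ip from any to any
"""

# Constructed sample: the four DNS rules as first posted, with no check-state shown.
DNS_EXCERPT = """\
01160 allow udp from any to any dst-port 53 in keep-state
01161 allow tcp from any to any dst-port 53 in keep-state
01162 allow udp from any to any dst-port 53 out keep-state
01163 allow tcp from any to any dst-port 53 out keep-state
"""

RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>allow|deny)\s+(?:log\s+(?:logamount\s+\d+\s+)?)?"
    r"(?P<proto>\S+)\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)\s*(?P<opts>.*)$")
PORT_RE = re.compile(r"^\d+(-\d+)?(,\d+(-\d+)?)*$")


def parse_rule(line):
    """Parse one line of `ipfw list` output into a dict (simplified grammar)."""
    tokens = line.split()
    if len(tokens) == 2 and tokens[1] == "check-state":
        return {"num": tokens[0], "action": "check-state"}
    m = RULE_RE.match(line.strip())
    if m is None:
        return None
    rule = m.groupdict()
    opts = rule.pop("opts").split()
    rule.update(direction=None, iface=None, keep_state=False,
                port=None, extra=[], malformed=False)
    i = 0
    while i < len(opts):
        tok = opts[i]
        if tok in ("in", "out"):
            rule["direction"] = tok
        elif tok == "keep-state":
            rule["keep_state"] = True
        elif tok in ("via", "recv", "xmit") and i + 1 < len(opts):
            rule["iface"] = opts[i + 1]
            i += 1
        elif tok == "dst-port":
            if i + 1 < len(opts) and PORT_RE.match(opts[i + 1]):
                rule["port"] = opts[i + 1]
                i += 1
            else:
                rule["malformed"] = True   # dst-port with no port value
        else:
            rule["extra"].append(tok)      # any option this model does not interpret
        i += 1
    return rule


def is_catch_all(rule):
    """An allow rule restricted by nothing except protocol and direction."""
    return (rule["action"] == "allow" and rule["src"] == "any" and rule["dst"] == "any"
            and rule["port"] is None and rule["iface"] is None
            and not rule["extra"] and not rule["malformed"])


def covers(earlier, later):
    """True if every packet `later` could match is already accepted by `earlier`."""
    proto_ok = earlier["proto"] in ("ip", "all") or earlier["proto"] == later["proto"]
    dir_ok = earlier["direction"] is None or earlier["direction"] == later["direction"]
    return proto_ok and dir_ok


def lint(ruleset_text):
    report = {"malformed": [], "stateful_without_check_state": [],
              "no_interface": [], "shadowed": {}}
    seen_check_state = False
    catch_alls = []
    for line in ruleset_text.splitlines():
        if not line.strip():
            continue
        rule = parse_rule(line)
        if rule is None:
            report["malformed"].append(line.split()[0])
            continue
        if rule["action"] == "check-state":
            seen_check_state = True
            continue
        if rule["malformed"]:
            report["malformed"].append(rule["num"])
        if rule["keep_state"] and not seen_check_state:
            report["stateful_without_check_state"].append(rule["num"])
        if rule["action"] == "allow" and rule["iface"] is None:
            report["no_interface"].append(rule["num"])
        for earlier in catch_alls:
            if covers(earlier, rule):      # first match wins, so this rule is dead
                report["shadowed"][rule["num"]] = earlier["num"]
                break
        if is_catch_all(rule):
            catch_alls.append(rule)
    return report


if __name__ == "__main__":
    for key, value in lint(SAMPLE_RULESET).items():
        print(key, value)
```

On the sample, the per-port "out" rules are reported as shadowed by rule 00102, which means the effective outbound policy is "allow everything, statefully" regardless of the later per-service lines.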
Re: Problems with IPFW causing failed DNS and FTP sessions
It would be really helpful if you'd post the ruleset. At first glance, your stateful rules seem rather wrong, unless there's a check-state above. Also, in and out aren't discriminating enough - every packet is seen by the ruleset more than once. You should think in terms of interfaces, direction, etc.

Are you doing NAT? Stateful rules with NAT are indeed possible, but subtle.

Your problem has nothing to do with server load, and probably everything to do with not-terribly-well-conceived ruleset. Please post yours here.

- M

On Sun, Mar 31, 2013 at 8:34 PM, Don O'Neil wrote:
> Hi everyone. recently my server started having issues with DNS and FTP
> sessions either not resolving or timing out. I've tracked the issue down to
> IPFW. if I issue a 'sysctl net.inet.ip.fw.enable=0' then my issues go away.
>
> I have the basic rules like this for dns;
>
> 01160 allow udp from any to any dst-port 53 in keep-state
> 01161 allow tcp from any to any dst-port 53 in keep-state
> 01162 allow udp from any to any dst-port 53 out keep-state
> 01163 allow tcp from any to any dst-port 53 out keep-state
>
> When I try an nslookup sometimes they fail, sometimes they get through, even
> if I change my DNS server to google, my ISP, or even OpenDNS. the firewall
> seems to be causing the issue.
>
> I have about 65 rules in all.
>
> Any ideas what could be causing this? My server load is low, usually
> hovering around .2
>
> How can I look at the actual amount of traffic that the IPFW module is
> processing and track down potential performance issues? My server isn't
> pushing much data, only around 4-5 Mbps sustained.
>
> Thanks!
Problems with IPFW causing failed DNS and FTP sessions
Hi everyone. recently my server started having issues with DNS and FTP sessions either not resolving or timing out. I've tracked the issue down to IPFW. if I issue a 'sysctl net.inet.ip.fw.enable=0' then my issues go away.

I have the basic rules like this for dns;

01160 allow udp from any to any dst-port 53 in keep-state
01161 allow tcp from any to any dst-port 53 in keep-state
01162 allow udp from any to any dst-port 53 out keep-state
01163 allow tcp from any to any dst-port 53 out keep-state

When I try an nslookup sometimes they fail, sometimes they get through, even if I change my DNS server to google, my ISP, or even OpenDNS. the firewall seems to be causing the issue.

I have about 65 rules in all.

Any ideas what could be causing this? My server load is low, usually hovering around .2

How can I look at the actual amount of traffic that the IPFW module is processing and track down potential performance issues? My server isn't pushing much data, only around 4-5 Mbps sustained.

Thanks!
Re: 9.1 on FTP
On Sat, 08 Dec 2012 13:20:43 +, Matthew Seaman wrote:
> Yes, 9.1-RELEASE is delayed. Some of that is due to the effects of the
> security compromise, some is down to the release process not being
> pushed through as efficiently as it might be. It is coming. Soon.

After the announcement the other day I have upgraded a test box (using freebsd-update) from 9.1-RC3 to 9.1-RELEASE. Entirely smooth and painless.

Congratulations and heartfelt thanks to all concerned.
Re: 9.1 on FTP
On 08/12/2012 02:21, s...@tormail.org wrote:
> While looking for a 9.1-rc3 ISO to test on my old PPC Mac, I saw a
> 9.1-RELEASE(!) ISO under releases/powerpc. I didn't think 9.1 was out or
> announced yet, even though it was supposed to be announced some days ago.
> I can't find it under any other directories for amd64,i386,etc. It's also
> not on freebsd-update. Why was there an ISO for PPC? As I check now, it's
> either been removed or I can't find it. Something fishy is going on?

It's not there until the official release announcement goes out. Any premature sightings are presumably a side effect of eating too much spicy food late at night. Or something.

Seriously though: ftp servers will be preloaded with 9.1 install sets before the release, so that people can start using them the moment they get the release announcement. Before that point, there's no guarantee install sets will not be arbitrarily removed or modified in response to last minute problems. Good luck to you if you do get hold of them early: it's your 15 minutes of fame, no more.

Yes, 9.1-RELEASE is delayed. Some of that is due to the effects of the security compromise, some is down to the release process not being pushed through as efficiently as it might be. It is coming. Soon.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
9.1 on FTP
Hi freebsd-questions.

While looking for a 9.1-rc3 ISO to test on my old PPC Mac, I saw a 9.1-RELEASE(!) ISO under releases/powerpc. I didn't think 9.1 was out or announced yet, even though it was supposed to be announced some days ago. I can't find it under any other directories for amd64,i386,etc. It's also not on freebsd-update. Why was there an ISO for PPC? As I check now, it's either been removed or I can't find it. Something fishy is going on?
P w/ ftp-proxy, using both active/passive FTP
My goal is to get my FTP server working for both passive and active type FTP connections with the following conditions:

1) Running PF firewall on a FreeBSD machine, which is also the FTP machine.
2) Without opening up all ports > 1024 (or any upper-swath of ports), except where this occurs dynamically.

I have chosen to take an ftp-proxy based solution. I'm also limited to 1 box here, so ftp-proxy is running on the same machine as the target FTP server, although I understand it is typically used in a gateway/forwarding situation.

After a lot of playing around with my firewall rules, I've ended up in a mutually exclusive situation. With this line:

rdr pass on $std_int proto tcp from any to $std_int port 21 -> 127.0.0.1 port 8021

PASSIVE FTP WORKS!! Yay W *cheering in background*. But Active fails.

If I comment it out, in thus fashion:

#rdr pass on $std_int proto tcp from any to $std_int port 21 -> 127.0.0.1 port 8021

ACTIVE FTP WORKS!! Yay Wo *cheering in background*. But. Passive fails.

I would also like to mention that just commenting it out and restarting the firewall is all I did. ftp-proxy server process is still running. Also both tests were from the same host, using the same ftp program, with only active/passive settings on ftp client used appropriately for each respective test; all other settings identical.

So I took a look at the handbook, which claimed I need to understand active/passive better (although I thought I already did... funny how that works?) - and the handbook linked the site http://slacksite.com/other/ftp.html

Here I got this awesome description from slacksite:

"In active mode FTP the client connects from a random unprivileged port (N > 1023) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20."

So my first assumption was, "Either I can't connect to the client's local port, or my firewall isn't letting anything out on port 20." I look at the rules... hmm, don't think so. I just open up everything and try anyway, try ftp-proxy with & without "-r" option, and no dice. Same situation for both tests. Nothing changes. Examples of what I put in:

pass in quick on $std_int proto tcp from any to any
pass out quick on $std_int proto tcp from any to any

below rdr directive (which is required by pf.conf ordering).

Then I have a Face Palm exactly how did any of that have to do with it working when the rule was commented out? Absolutely nothing, that's what! I feel like such an idiot!!

Ok.. so what does that rule mean? Let's revisit the rule:

rdr pass on $std_int proto tcp from any to $std_int port 21 -> 127.0.0.1 port 8021

So all traffic on port 21, either in or out, goes to localhost 8021. H. The rule failed when I tried to specify 'in' or 'out' on the rdr directive. I don't think pf works rdr that way.

My only logical conclusion is FTP has become stubborn and is using Active mode on port 21, and not 20, for whatever reason. The connection starts to succeed, but then the ACK packet from the client of course gets redirected to 8021, and the active connection being attempted from 21 misses it, resulting in a "half-open" connection, thus causing the FTP data channel to fail.

It is the only possible explanation I can come up with, yet that is not in accordance to know what I know about FTP behavior (i.e., according to slacksite's description). Somewhere between convention and the IETF, I think I got lost.

Does anyone know how to get passive + active both working with the stated goals of using PF w/ ftp-proxy?

If this question is outside the scope of this list but better suited to be asked freebsd-pf, apologies in advance. Since the question is not about the development of the firewall itself, I thought it appropriate to ask here.
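The PORT exchange in the slacksite description quoted above is what a helper such as ftp-proxy has to read from the control channel in order to admit data connections one at a time instead of opening a static port range. The following Python example is added here and is not part of the original post or of ftp-proxy's code: it decodes PORT, 227 and 229 lines from a constructed transcript into the data connections a filter should expect, and stops once AUTH TLS is accepted, because from then on the control channel is ciphertext to anything in the path. Function names and the documentation-range addresses are assumptions.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried by PORT and by the 227 reply (RFC 959).
HOSTPORT_RE = re.compile(
    r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# 229 reply to EPSV (RFC 2428): only the port is given.
EPSV_RE = re.compile(r"\(\|\|\|(\d{1,5})\|\)")

# Constructed control-channel transcript: "C" = client line, "S" = server line.
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"
SAMPLE_SESSION = [
    ("S", "220 FTP server ready"),
    ("C", "PORT 192,0,2,10,195,80"),
    ("S", "200 PORT command successful"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (198,51,100,5,234,96)"),
    ("C", "EPSV"),
    ("S", "229 Entering Extended Passive Mode (|||60001|)"),
    ("C", "AUTH TLS"),
    ("S", "234 AUTH TLS successful"),
    # Everything below would be ciphertext on the wire; it is listed in clear
    # only to show what a helper in the path can no longer see.
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (198,51,100,5,234,97)"),
]


def decode_hostport(line):
    """Return (host, port) from a PORT argument or a 227 reply."""
    m = HOSTPORT_RE.search(line)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % line)
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]       # high byte first, then low byte
    return host, port


def expected_data_flows(transcript, client_ip, server_ip):
    """Walk a control-channel transcript and list the data connections to expect.

    Returns (flows, opaque_lines): flows is a list of dicts, opaque_lines is the
    number of lines that followed a successful AUTH TLS and could not be read.
    """
    flows = []
    auth_requested = False
    for index, (sender, line) in enumerate(transcript):
        verb = line.split(" ", 1)[0].upper()
        if sender == "C" and verb == "AUTH":
            auth_requested = True
        elif sender == "S" and verb == "234" and auth_requested:
            # TLS starts after this reply: nothing further can be parsed.
            return flows, len(transcript) - index - 1
        elif sender == "C" and verb == "PORT":
            host, port = decode_hostport(line)
            # Active mode: the server connects out from port 20 to the client.
            flows.append({"mode": "active", "src": server_ip, "src_port": 20,
                          "dst": host, "dst_port": port})
        elif sender == "S" and verb == "227":
            host, port = decode_hostport(line)
            # Passive mode: the client connects in to the port the server named.
            flows.append({"mode": "passive", "src": client_ip, "src_port": None,
                          "dst": host, "dst_port": port})
        elif sender == "S" and verb == "229":
            m = EPSV_RE.search(line)
            if m is None or not 0 < int(m.group(1)) < 65536:
                raise ValueError("bad 229 reply: %r" % line)
            flows.append({"mode": "passive", "src": client_ip, "src_port": None,
                          "dst": server_ip, "dst_port": int(m.group(1))})
    return flows, 0


if __name__ == "__main__":
    found, hidden = expected_data_flows(SAMPLE_SESSION, CLIENT, SERVER)
    for flow in found:
        print(flow)
    print("unreadable lines after AUTH TLS:", hidden)
```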
Re: pf firewall and ftp
There are also web-available manuals for probably every release of OpenBSD here:

http://www.openbsd.org/cgi-bin/man.cgi
http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&manpath=OpenBSD+4.5
Re: SV: pf firewall and ftp
On Mon, Apr 16, 2012 at 09:39:38AM +0200, Hasse Hansson wrote:
> To solve the ftp pre 4.7 part, you can start reading here
> http://home.nuug.no/~peter/pf/en/long-firewall.html#FTPPROBLEM
>
> /Hasse
> -Original Message-
> From: owner-freebsd-questi...@freebsd.org
> [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Fbsd8
> Sent: 16 April 2012 04:31
> To: FreeBSD Questions; FreeBSD Current; FreeBSD doc
> Subject: Re: pf firewall and ftp
>
> Fbsd8 wrote:
> > Running 9.0 as a gateway host with pf firewall enabled.
> > FTP is launched by inetd.
> > Both active and passive ftp works from lan pc's to the host ftp.
> > The lan ftp session can be initiated from the host or any lan pc and
> > things work because there are no rules on the lan interface except
> > single pass all rule.
> >
> > But I can not do host initiated or lan initiated ftp sessions to the
> > public internet. Get "operation not permitted" message. Tried to setup
> > ftp-proxy per openbsd pf manual without any joy.
> >
> > Looking for working rule set with nat and ftp services to study and
> > learn from.
> >
>
> OK I have uncovered what the problem is.
> The pf version running on Freebsd 9.0 matches the version running on openbsd
> 4.5. Found it on man pf at the end.
>
> The documentation on the Openbsd website for pf is for Openbsd 5.0 and it
> has warning saying "NOTE: This information is for OpenBSD 4.7. NAT
> configuration was significantly different in earlier versions."
> http://pf4freebsd.love2party.net/ has more info about how back dated the
> 9.0 Freebsd production version of pf is.
>
> The Freebsd handbook had a detailed section on pf including rules examples
> matching the version of pf included with 9.0 But someone allowed it to be
> removed in the current version of the handbook.
>
> So here we are with an outdated version of pf in the current production
> 9.0 version of Freebsd and there is no documentation available on nat rule
> syntax in the handbook or at openbsd/pf.

The version of PF in FreeBSD corresponds to the one in OpenBSD 4.5. There are old versions of the OpenBSD PF FAQ on mirrors:

http://ftp2.eu.openbsd.org/pub/OpenBSD/doc/history/pf-faq45.pdf
http://ftp2.eu.openbsd.org/pub/OpenBSD/doc/history/pf-faq45.txt

> Going to dig through the 9.0 pf man pages for the info

The rules should also be documented in the man pages.

--
Denny Lin
SV: pf firewall and ftp
To solve the ftp pre 4.7 part, you can start reading here
http://home.nuug.no/~peter/pf/en/long-firewall.html#FTPPROBLEM

/Hasse

-Original Message-
From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Fbsd8
Sent: 16 April 2012 04:31
To: FreeBSD Questions; FreeBSD Current; FreeBSD doc
Subject: Re: pf firewall and ftp

Fbsd8 wrote:
> Running 9.0 as a gateway host with pf firewall enabled.
> FTP is launched by inetd.
> Both active and passive ftp works from lan pc's to the host ftp.
> The lan ftp session can be initiated from the host or any lan pc and
> things work because there are no rules on the lan interface except
> single pass all rule.
>
> But I can not do host initiated or lan initiated ftp sessions to the
> public internet. Get "operation not permitted" message. Tried to setup
> ftp-proxy per openbsd pf manual without any joy.
>
> Looking for working rule set with nat and ftp services to study and
> learn from.
>

OK I have uncovered what the problem is. The pf version running on Freebsd 9.0 matches the version running on openbsd 4.5. Found it on man pf at the end.

The documentation on the Openbsd website for pf is for Openbsd 5.0 and it has warning saying "NOTE: This information is for OpenBSD 4.7. NAT configuration was significantly different in earlier versions." http://pf4freebsd.love2party.net/ has more info about how back dated the 9.0 Freebsd production version of pf is.

The Freebsd handbook had a detailed section on pf including rules examples matching the version of pf included with 9.0 But someone allowed it to be removed in the current version of the handbook.

So here we are with an outdated version of pf in the current production 9.0 version of Freebsd and there is no documentation available on nat rule syntax in the handbook or at openbsd/pf.

Going to dig through the 9.0 pf man pages for the info
Re: pf firewall and ftp
Fbsd8 wrote:
> Running 9.0 as a gateway host with pf firewall enabled.
> FTP is launched by inetd.
> Both active and passive ftp works from lan pc's to the host ftp.
> The lan ftp session can be initiated from the host or any lan pc and
> things work because there are no rules on the lan interface except
> single pass all rule.
>
> But I can not do host initiated or lan initiated ftp sessions to the
> public internet. Get "operation not permitted" message. Tried to setup
> ftp-proxy per openbsd pf manual without any joy.
>
> Looking for working rule set with nat and ftp services to study and
> learn from.

OK I have uncovered what the problem is. The pf version running on Freebsd 9.0 matches the version running on openbsd 4.5. Found it on man pf at the end.

The documentation on the Openbsd website for pf is for Openbsd 5.0 and it has warning saying "NOTE: This information is for OpenBSD 4.7. NAT configuration was significantly different in earlier versions." http://pf4freebsd.love2party.net/ has more info about how back dated the 9.0 Freebsd production version of pf is.

The Freebsd handbook had a detailed section on pf including rules examples matching the version of pf included with 9.0 But someone allowed it to be removed in the current version of the handbook.

So here we are with an outdated version of pf in the current production 9.0 version of Freebsd and there is no documentation available on nat rule syntax in the handbook or at openbsd/pf.

Going to dig through the 9.0 pf man pages for the info
pf firewall and ftp
Running 9.0 as a gateway host with pf firewall enabled. FTP is launched by inetd. Both active and passive ftp works from lan pc's to the host ftp. The lan ftp session can be initiated from the host or any lan pc and things work because there are no rules on the lan interface except single pass all rule.

But I can not do host initiated or lan initiated ftp sessions to the public internet. Get "operation not permitted" message. Tried to setup ftp-proxy per openbsd pf manual without any joy.

Looking for working rule set with nat and ftp services to study and learn from.
Re: FTP oddness, over SSH session.
On 13 Apr 2012 at 23:51, Frank Staals wrote:
> "John McDonnell" writes:
>
> > All in all, creating an entry in Site Manager makes more sense if
> > it's something you connect to from your own hardware. From someone
> > else's machine, the quick connect is quite handy though.
>
> Don't forget to clear out the entry from the dropdown list then.
> Because I think FileZilla will remember your password as well. Worst
> ``feature'' ever if you ask me
>
> Regards,
>
> --
>
> - Frank

Indeed it does, and yes I do (clear that list out) but thanks for the reminder, and of course it's useful info for others too.

Regards.

Dave.

--
Help for Hero's European Rally 2012 participant. Please help by visiting:- http://www.bmycharity.com/TeamSnowball
For any/all donations, all 100% goes to H4H.
Re: FTP oddness, over SSH session.
"John McDonnell" writes:
> All in all, creating an entry in Site Manager makes more sense if it's
> something you connect to from your own hardware. From someone else's
> machine, the quick connect is quite handy though.

Don't forget to clear out the entry from the dropdown list then. Because I think FileZilla will remember your password as well. Worst ``feature'' ever if you ask me

Regards,

--

- Frank
Re: FTP oddness, over SSH session.
On 13 Apr 2012 at 9:21, John McDonnell wrote:
> > From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
> > questi...@freebsd.org] On Behalf Of Dave B
>
> > FYI, you have to create an entry in FileZilla's Site Manager, for it
> > to invoke SFTP, the "Quickconnect" feature just uses plain vanilla FTP.
> >
> > Best Regards.
> >
> > Dave Baxter.
>
> You can use the "Quickconnect" feature with SFTP. If you are running
> on standard port 22, you can simply put 22 in the port box. For
> non-standard ports, you can prepend sftp:// to the host name and it
> will connect via SFTP instead of FTP.
>

Cheers, I'll try that next time I'm on "the outside" of my home LAN, it seems to work from the inside, as it would of course...

At present, there a suitably configured link in the site manager.

Thanks again.

Dave.

--
Help for Hero's European Rally 2012 participant. Please help by visiting:- http://www.bmycharity.com/TeamSnowball
For any/all donations, all 100% goes to H4H.
RE: FTP oddness, over SSH session.
> From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
> questi...@freebsd.org] On Behalf Of Dave B

> FYI, you have to create an entry in FileZilla's Site Manager, for it
> to invoke SFTP, the "Quickconnect" feature just uses plain vanilla FTP.
>
> Best Regards.
>
> Dave Baxter.

You can use the "Quickconnect" feature with SFTP. If you are running on standard port 22, you can simply put 22 in the port box. For non-standard ports, you can prepend sftp:// to the host name and it will connect via SFTP instead of FTP.

Apologies to Dave as he'll be getting this twice as I somehow forgot to include questions@ when replying. Thought this might come in handy for others who want to SFTP into a box with FileZilla, so resending to the list this time.

All in all, creating an entry in Site Manager makes more sense if it's something you connect to from your own hardware. From someone else's machine, the quick connect is quite handy though.
Re: FTP oddness, over SSH session.
On 12 Apr 2012 at 12:40, Da Rock wrote:
> On 04/11/12 21:51, Dave B wrote:
> > FreeBSD FBSD.67MK181QZ 8.0-RELEASE FreeBSD 8.0-RELEASE #0:
> > Wed Apr 14 22:55:09 BST 2010
> > root@FBSD.67MK181QZ:/usr/obj/usr/src/sys/PPSGENERIC i386
> >
> > Hi.
> >
> > I have a small FreeBSD 8.0 system (above, yes I know, not current,
> > but it works.) That is mainly used for timekeeping with an attached
> > PPS equipped GPS. No problems with that.
> >
> > It also has a small web server (Hiawatha) FTP server and SSH portal,
> > for my own use.
> >
> > The FTP "server" is the built-in OS based ftpd implementation, and
> > works well for all that I need.
> >
> > Anyway... I found a while ago, that I can tunnel connections into
> > my home LAN via a SSH session to my FreeBSD box, from outside the
> > LAN using PuTTY (on Windows XP) from wherever I am. It's been a
> > useful dodge for me to do that so as to VNC to other boxes that are
> > there. The needed SSH working port, is not the usual suspect, it's
> > way up high, well away from script kiddies etc.
> >
> > I just found however, that though I can reliably send a file to the
> > FTP server and it gets saved just fine, that's not true when
> > connecting this way using a SSH tunnel.
> >
> > Over the SSH session, (using Passive Mode, with all needed ports
> > forwarded, plus the FTP daemon's data port usage restricted to the
> > same range as those tunneled.) Though the FTP process appears to
> > work OK, with no errors, the file sent to and deposited on the
> > server ends up as name only, and zero bytes in length.
> >
> > Oddly, I can successfully create a new folder on the FTP server over
> > the SSH session using the FTP client, and that works just fine.
> >
> > The FTP client I'm using, is the same FileZilla both times.
> > (V3.1.0.1 I may go look for any updates, just in case.)
> >
> > Downloading works fine regardless of how I connect, it's just
> > uploading that's screwy. I suspect (as usual) it's a rights issue,
> > but even if I su - root after the initial SSH login, it changes
> > nothing.
>
> I'd check the ports you are forwarding over ssh. Two ports are
> required for ftp and it sounds like one is blocking for some reason-
> the control channel seems to be working fine though :)

As I suspect too, but as yet, I've not figured it out.

I can as above download files just fine, so the data channel can be established for that, and I am using Passive Mode, so it *Should* be only my end (the client) that initiates a connection for the data channel.

Also, two versions of FileZilla *Appear* to succeed uploading a file, no errors regarding being unable to setup a data channel, just that when you look on the FreeBSD box later, the file is zero bytes in size.

Regards.

Dave Baxter.
Re: FTP oddness, over SSH session.
On 12 Apr 2012 at 9:32, Frank Staals wrote:
> "Dave B" writes:
>
> > Hi, ordinarily perhaps yes, if I could only figure out how to set it
> > up on the FreeBSD box. As always, the "Manuals" though no doubt
> > correct and complete as a "reference", are no good to people who
> > don't already know "How To" do it.
>
> There is not much to set up. Just make sure you have sshd running. You
> can then just sftp (or any other client that supports sftp) to connect
> to port 22, or whatever port sshd is listening on.
>
> Regards,
>
> --
>
> - Frank

Hi Frank.

Thanks for that suggestion. It works well! Issue resolved for now :-)

FYI, you have to create an entry in FileZilla's Site Manager, for it to invoke SFTP, the "Quickconnect" feature just uses plain vanilla FTP.

Best Regards.

Dave Baxter.

--
Help for Hero's European Rally 2012 participant. Please help by visiting:- http://www.bmycharity.com/TeamSnowball
For any/all donations, all 100% goes to H4H.
Re: FTP oddness, over SSH session.
On 12 Apr 2012 at 11:28, Frank Bonnet wrote:

> > "Dave B" writes:
> >
> >> Hi, ordinarily perhaps yes, if I could only figure out how to set
> >> it up on the FreeBSD box. As always, the "Manuals" though no doubt
> >> correct and complete as a "reference", are no good to people who
> >> don't already know "How To" do it.
> >
> > There is not much to set up. Just make sure you have sshd running.
> > You can then just sftp (or any other client that supports sftp) to
> > connect to port 22, or whatever port sshd is listening on.
> >
> > Regards,
> >
> > --
> >
> > - Frank
>
> why not ftp over TLS ? like proftpd or pure-ftpd can do ?
>

Hi.

Because as yet, I have not figured out how to get ProFTP or PureFTP installed and WORKING without bricking the machine. There is no step by step "how to" (that I've yet found) with also guidance as to how to work around the inevitable issues that occur.

The man pages are just command references, not an instruction book on how to use them. Sorry.

Hence, I'm using the native OS's inbuilt FTP facility. Even that took me 3 days to get going in the first instance. (file Access rights issues and poor, even if correct, documentation.)

Regards.

Dave Baxter.

--
Help for Hero's European Rally 2012 participant.
Please help by visiting:- http://www.bmycharity.com/TeamSnowball
For any/all donations, all 100% goes to H4H.
Re: FTP oddness, over SSH session.
On 12/04/2012 10:28, Frank Bonnet wrote:
> why not ftp over TLS ? like proftpd or pure-ftpd can do ?

Because it is pretty much impossible to firewall securely. Either you don't encrypt the control channel or you have to give any firewalls between you and your destination keys to be able to decrypt the traffic (in which case you might just as well not bother encrypting it at all) or you have to open up a whole load of ports to accept incoming traffic ('you' being typically the FTP server admin for PASV mode FTP; otherwise, you'd need to do similarly on the client for active mode FTP.)

FTP is fundamentally broken and simply encasing it in a layer of encryption only exacerbates the fundamental flaws. The FTP protocol is an archaic remnant of some mythical golden age of the internet when you could generally trust anyone else with access to the net[*]. Given what the past 40 years or so have shown us about the realities of global networking, it is high time that it was obsoleted and the world switched to some of the many better alternatives that have since been developed.

* HTTP -- obviously works fine for download. It can support upload too: there's a little-used PUT command, or you can use such things as WEBDAV. Easy to run over TLS by using HTTPS.

* RSYNC -- has an anonymous mode which works fine for generic downloads. For authenticated access defaults to ssh(1) for all traffic.

* SFTP or SCP -- for those who are unwilling or unable to contemplate using anything other than an FTP client, SFTP will pose as one, while still properly securing all your traffic. SCP is (IMHO) a nicer interface for general day-to-day copying stuff between machines though.

Cheers,

Matthew

[*] Believe it or not, at one time it was generally accepted that mail servers should be configured as open relays. This was so that if your own mailserver was playing up, you could easily borrow a neighbour's server to send messages. Then spam was invented.

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3
Ramsgate
Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
JID: matt...@infracaninophile.co.uk
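The firewall problem described in the message above, as an added example that is not part of the original thread: the passive data port exists only inside the server's 227/229 reply, so a firewall that cannot read the control channel has nothing to open a pinhole from and is left with a static port range. The 227 line is the one from the ftp session log elsewhere on this page; the 229 line, the addresses, the opaque records, the port range and all function names are constructed for illustration.

```python
import re
from typing import List, Optional, Tuple

Endpoint = Tuple[str, int]

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
_PASV = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# RFC 2428 extended passive reply: "229 <text> (|||port|)". Any delimiter
# character is allowed as long as the same one is used throughout.
_EPSV = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def parse_data_endpoint(reply: str, control_peer: str) -> Optional[Endpoint]:
    """Return (host, port) of the announced data channel, or None if the
    line is not a passive-mode reply. Raises ValueError on bad fields."""
    m = _PASV.match(reply)
    if m:
        h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
        if max(h1, h2, h3, h4, p1, p2) > 255:
            raise ValueError("field out of range in 227 reply: %r" % reply)
        # The port is sent as two bytes: high byte first.
        return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2
    m = _EPSV.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port <= 65535:
            raise ValueError("port out of range in 229 reply: %r" % reply)
        # EPSV carries no address: the data channel goes to the same host
        # as the control connection.
        return control_peer, port
    return None


def pinholes_from_control_channel(lines: List[str], control_peer: str) -> List[Endpoint]:
    """Model of a protocol-aware firewall: it opens exactly the endpoints
    it can read out of the control channel, and nothing else."""
    holes = []
    for line in lines:
        try:
            endpoint = parse_data_endpoint(line, control_peer)
        except ValueError:
            continue  # malformed announcement: open nothing for it
        if endpoint is not None:
            holes.append(endpoint)
    return holes


def static_exposure(low: int, high: int) -> int:
    """Number of ports left permanently reachable when the firewall must
    fall back to a fixed passive range instead of per-transfer pinholes."""
    return high - low + 1


# Cleartext control channel as the firewall sees it.
CLEARTEXT_VIEW = [
    "230 Anonymous access granted, restrictions apply",
    "227 Entering Passive Mode (137,189,4,14,221,218).",   # from this page's log
    "229 Entering Extended Passive Mode (|||50001|)",      # constructed
]
# The same kind of session after the control channel is wrapped in TLS:
# only opaque records are visible (constructed bytes).
TLS_VIEW = ["\x17\x03\x03\x00\x30" + "\x9c\x11\x42" * 16,
            "\x17\x03\x03\x00\x28" + "\x07\xfe\x5a" * 13]

if __name__ == "__main__":
    print("cleartext:", pinholes_from_control_channel(CLEARTEXT_VIEW, "192.0.2.10"))
    print("over TLS: ", pinholes_from_control_channel(TLS_VIEW, "192.0.2.10"))
    print("static range 49152-65535 exposes", static_exposure(49152, 65535), "ports")
```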
Re: FTP oddness, over SSH session.
why not ftp over TLS ? like proftpd or pure-ftpd can do ?

Sent from my iPhone.

On 12 Apr 2012 at 09:32, Frank Staals wrote:

> "Dave B" writes:
>
>> Hi, ordinarily perhaps yes, if I could only figure out how to set it up
>> on the FreeBSD box. As always, the "Manuals" though no doubt correct and
>> complete as a "reference", are no good to people who don't already know
>> "How To" do it.
>
> There is not much to set up. Just make sure you have sshd running. You
> can then just sftp (or any other client that supports sftp) to connect
> to port 22, or whatever port sshd is listening on.
>
> Regards,
>
> --
>
> - Frank
Re: FTP oddness, over SSH session.
"Dave B" writes:

> Hi, ordinarily perhaps yes, if I could only figure out how to set it up
> on the FreeBSD box. As always, the "Manuals" though no doubt correct and
> complete as a "reference", are no good to people who don't already know
> "How To" do it.

There is not much to set up. Just make sure you have sshd running. You can then just sftp (or any other client that supports sftp) to connect to port 22, or whatever port sshd is listening on.

Regards,

--

- Frank
Re: FTP oddness, over SSH session.
On 11 Apr 2012 at 14:54, Mike Clarke wrote:

> On Wednesday 11 April 2012, Dave B wrote:
>
> > I just found however, that though I can reliably send a file to the
> > FTP server and it gets saved just fine, that's not true when
> > connecting this way using a SSH tunnel.
>
> Would it not be simpler just to use sftp directly rather than
> tunnelling ftp through ssh?
>
> --
> Mike Clarke

Hi, ordinarily perhaps yes, if I could only figure out how to set it up on the FreeBSD box. As always, the "Manuals" though no doubt correct and complete as a "reference", are no good to people who don't already know "How To" do it.

Originally, the FTP was purely for other machines at home to periodically dump data for some pages of the small website it also hosts. There was (is) no need for SFTP for that, as all the machines are in the same room at home.

Thanks for the reply.

Dave B.

--
Help for Hero's European Rally 2012 participant.
Please help by visiting:- http://www.bmycharity.com/TeamSnowball
For any/all donations, all 100% goes to H4H.
Re: FTP oddness, over SSH session.
On 04/11/12 21:51, Dave B wrote:

> FreeBSD FBSD.67MK181QZ 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Wed Apr 14 22:55:09 BST 2010 root@FBSD.67MK181QZ:/usr/obj/usr/src/sys/PPSGENERIC i386
>
> Hi.
>
> I have a small FreeBSD 8.0 system (above, yes I know, not current, but it works.) That is mainly used for timekeeping with an attached PPS equipped GPS. No problems with that.
>
> It also has a small web server (Hiawatha) FTP server and SSH portal, for my own use. The FTP "server" is the built-in OS based ftpd implementation, and works well for all that I need.
>
> Anyway...
>
> I found a while ago, that I can tunnel connections into my home LAN via a SSH session to my FreeBSD box, from outside the LAN using PuTTY (on Windows XP) from wherever I am. It's been a useful dodge for me to do that so as to VNC to other boxes that are there. The needed SSH working port, is not the usual suspect, it's way up high, well away from script kiddies etc.
>
> I just found however, that though I can reliably send a file to the FTP server and it gets saved just fine, that's not true when connecting this way using a SSH tunnel.
>
> Over the SSH session, (using Passive Mode, with all needed ports forwarded, plus the FTP daemon's data port usage restricted to the same range as those tunneled.) Though the FTP process appears to work OK, with no errors, the file sent to and deposited on the server ends up as name only, and zero bytes in length.
>
> Oddly, I can successfully create a new folder on the FTP server over the SSH session using the FTP client, and that works just fine.
>
> The FTP client I'm using, is the same FileZilla both times. (V3.1.0.1 I may go look for any updates, just in case.) Downloading works fine regardless of how I connect, it's just uploading that's screwy.
>
> I suspect (as usual) it's a rights issue, but even if I su - root after the initial SSH login, it changes nothing.

I'd check the ports you are forwarding over ssh. Two ports are required for ftp and it sounds like one is blocking for some reason- the control channel seems to be working fine though :)

> The FTP user is a different name from who I'm logged in as by SSH, is that the issue? But what confuses me, is that it works from this same PC, if it's on the home LAN, using the same FTP user credentials.
>
> I'm obviously lacking in my understanding of something, but what?
>
> I may not get to see any replies for a day or three, as I've got to head off across country for work later, and it's not yet known if tonight's hotel even has WiFi, or if there is decent mobile coverage where I'm going. (Out in the Wiltshire sticks. UK, and I'm stuck with Orange.)
>
> Thanks in advance.
>
> Dave B
>
> --
> Help for Hero's European Rally 2012 participant.
> Please help by visiting:- http://www.bmycharity.com/TeamSnowball
> For any/all donations, all 100% goes to H4H.
Re: FTP oddness, over SSH session.
On Wed, Apr 11, 2012 at 8:54 AM, Mike Clarke wrote:

> On Wednesday 11 April 2012, Dave B wrote:
>
>> I just found however, that though I can reliably send a file to the
>> FTP server and it gets saved just fine, that's not true when
>> connecting this way using a SSH tunnel.
>
> Would it not be simpler just to use sftp directly rather than tunnelling
> ftp through ssh?
>
> --
> Mike Clarke

Using sftp or scp is not just simpler in configuration, it has the added benefit of being supported by cool gui applications (filezilla, winscp, etc) that are available for multiple operating systems.

The only configuration change I make is to change the port used by ssh. That simple change eliminated most of the hacker attempts found in various logs (failed logins, etc).

Andrew
Re: FTP oddness, over SSH session.
On Wednesday 11 April 2012, Dave B wrote:

> I just found however, that though I can reliably send a file to the
> FTP server and it gets saved just fine, that's not true when
> connecting this way using a SSH tunnel.

Would it not be simpler just to use sftp directly rather than tunnelling ftp through ssh?

--
Mike Clarke
FTP oddness, over SSH session.
FreeBSD FBSD.67MK181QZ 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Wed Apr 14 22:55:09 BST 2010 root@FBSD.67MK181QZ:/usr/obj/usr/src/sys/PPSGENERIC i386

Hi.

I have a small FreeBSD 8.0 system (above, yes I know, not current, but it works.) That is mainly used for timekeeping with an attached PPS equipped GPS. No problems with that.

It also has a small web server (Hiawatha) FTP server and SSH portal, for my own use. The FTP "server" is the built-in OS based ftpd implementation, and works well for all that I need.

Anyway...

I found a while ago, that I can tunnel connections into my home LAN via a SSH session to my FreeBSD box, from outside the LAN using PuTTY (on Windows XP) from wherever I am. It's been a useful dodge for me to do that so as to VNC to other boxes that are there. The needed SSH working port, is not the usual suspect, it's way up high, well away from script kiddies etc.

I just found however, that though I can reliably send a file to the FTP server and it gets saved just fine, that's not true when connecting this way using a SSH tunnel.

Over the SSH session, (using Passive Mode, with all needed ports forwarded, plus the FTP daemon's data port usage restricted to the same range as those tunneled.) Though the FTP process appears to work OK, with no errors, the file sent to and deposited on the server ends up as name only, and zero bytes in length.

Oddly, I can successfully create a new folder on the FTP server over the SSH session using the FTP client, and that works just fine.

The FTP client I'm using, is the same FileZilla both times. (V3.1.0.1 I may go look for any updates, just in case.) Downloading works fine regardless of how I connect, it's just uploading that's screwy.

I suspect (as usual) it's a rights issue, but even if I su - root after the initial SSH login, it changes nothing.

The FTP user is a different name from who I'm logged in as by SSH, is that the issue? But what confuses me, is that it works from this same PC, if it's on the home LAN, using the same FTP user credentials.

I'm obviously lacking in my understanding of something, but what?

I may not get to see any replies for a day or three, as I've got to head off across country for work later, and it's not yet known if tonight's hotel even has WiFi, or if there is decent mobile coverage where I'm going. (Out in the Wiltshire sticks. UK, and I'm stuck with Orange.)

Thanks in advance.

Dave B

--
Help for Hero's European Rally 2012 participant.
Please help by visiting:- http://www.bmycharity.com/TeamSnowball
For any/all donations, all 100% goes to H4H.
9.0 base.txz ftp download time out
I have a scripted ftp download for 8.x and 9.0 distribution files. Yes I have the correct paths. When I target 8.x releases it downloads the multiple distribution files. To get the complete group takes about 20 minutes and ends cleanly.

But when I try to fetch the 9.0 base.txz file it says 100% completed and then times out. It also runs about 20 minutes just to download the single file. I do get the base.txz file downloaded but it ends uncleanly saying it timed out.

All the mirrors issue standard login messages saying there are restrictions in effect. My question: is there some restriction about time allowed per file downloaded? And now that the layout of the 9.0 distribution files has changed to a large file compared to many small files in a directory as for 8.0, is this causing the base.txz file download to time out? I.e., do the ftp restrictions need to be changed for the new 9.0 distribution file?

Here is log of my ftp run.

230 Anonymous access granted, restrictions apply
Remote system type is UNIX.
Using binary mode to transfer files.
prompt off
Interactive mode off.
cd /pub/FreeBSD/releases/i386/i386/9.0-RELEASE
250 CWD command successful
epsv4 off
EPSV/EPRT on IPv4 off.
mreget base.txz doc.txz
local: base.txz remote: base.txz
227 Entering Passive Mode (137,189,4,14,221,218).
150 Opening BINARY mode data connection for base.txz (54107736 bytes)
100% |***| 52839 KiB 42.93 KiB/s 00:00 ETA
421 Service not available, remote server timed out. Connection closed.
54107736 bytes received in 21:30 (40.93 KiB/s)
ftp: No control connection for command
Re: FTP server for install link broken?
On 01/27/2012 07:22 PM, Warren Block wrote:
> On Fri, 27 Jan 2012, Kaya Saman wrote:
>
>> On 01/27/2012 04:16 PM, Warren Block wrote:
>>> On Fri, 27 Jan 2012, Kaya Saman wrote:
>>>
>>>> am currently trying to install FreeBSD 9 on my Lenovo X220 and noticed that the link on this page in the FreeBSD Handbook is broken:
>>>>
>>>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-pre.html
>>>
>>> See the header at the top of that page. There is a new chapter for installing 9.0 and later. The equivalent section is
>>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/bsdinstall-pre.html
>>
>> Oh ok. Anyway as I'm familiar with BSD 8.x I did the install without reading!!
>>
>> My issue was really to find the .img file for USB booting.
>>
>> All done now but can't seem to get Fedora 16's GRUB to boot BSD 9.0
>>
>> I guess it's time to consult the documentation after all; even though Google'ing provided results that didn't yield answers as the Linux GRUB can't find the partition/slice combo???
>
> The default install of FreeBSD 9 uses GPT, so there are no slices or FreeBSD (bsdlabel) partitions. Instead of ad0s1a, it would just be ada0p2. Don't know what Linux calls these partitions, though.
>
>> Tried chainloading but that didn't work either probably as no boot-loader got loaded into the PBR by default.
>
> If you want multiboot on a GPT drive, grub2 seems to be the solution. (But I haven't tested it.)

Thanks Warren for the assistance!

I will create a new Subject for my multiboot issue :-)

Am just currently trying to get my 'old' Fedora instance from an old HD up and running by booting off USB drive meaning have to re-build initrd.img with USB modules in it. So updating that in order to get the kernel headers since the old kernel is no longer supported.

Best regards,

Kaya
Re: FTP server for install link broken?
On Fri, 27 Jan 2012, Kaya Saman wrote:

> On 01/27/2012 04:16 PM, Warren Block wrote:
>> On Fri, 27 Jan 2012, Kaya Saman wrote:
>>
>>> am currently trying to install FreeBSD 9 on my Lenovo X220 and noticed that the link on this page in the FreeBSD Handbook is broken:
>>>
>>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-pre.html
>>
>> See the header at the top of that page. There is a new chapter for installing 9.0 and later. The equivalent section is
>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/bsdinstall-pre.html
>
> Oh ok. Anyway as I'm familiar with BSD 8.x I did the install without reading!!
>
> My issue was really to find the .img file for USB booting.
>
> All done now but can't seem to get Fedora 16's GRUB to boot BSD 9.0
>
> I guess it's time to consult the documentation after all; even though Google'ing provided results that didn't yield answers as the Linux GRUB can't find the partition/slice combo???

The default install of FreeBSD 9 uses GPT, so there are no slices or FreeBSD (bsdlabel) partitions. Instead of ad0s1a, it would just be ada0p2. Don't know what Linux calls these partitions, though.

> Tried chainloading but that didn't work either probably as no boot-loader got loaded into the PBR by default.

If you want multiboot on a GPT drive, grub2 seems to be the solution. (But I haven't tested it.)
Re: FTP server for install link broken?
On 01/27/2012 04:16 PM, Warren Block wrote:
> On Fri, 27 Jan 2012, Kaya Saman wrote:
>
>> am currently trying to install FreeBSD 9 on my Lenovo X220 and noticed that the link on this page in the FreeBSD Handbook is broken:
>>
>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-pre.html
>
> See the header at the top of that page. There is a new chapter for installing 9.0 and later. The equivalent section is
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/bsdinstall-pre.html

Oh ok. Anyway as I'm familiar with BSD 8.x I did the install without reading!!

My issue was really to find the .img file for USB booting.

All done now but can't seem to get Fedora 16's GRUB to boot BSD 9.0

I guess it's time to consult the documentation after all; even though Google'ing provided results that didn't yield answers as the Linux GRUB can't find the partition/slice combo???

Tried chainloading but that didn't work either probably as no boot-loader got loaded into the PBR by default.

Regards,

Kaya
Re: FTP server for install link broken?
On Fri, 27 Jan 2012, Kaya Saman wrote:

> am currently trying to install FreeBSD 9 on my Lenovo X220 and noticed that the link on this page in the FreeBSD Handbook is broken:
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-pre.html

See the header at the top of that page. There is a new chapter for installing 9.0 and later. The equivalent section is
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/bsdinstall-pre.html
FTP server for install link broken?
Hi,

am currently trying to install FreeBSD 9 on my Lenovo X220 and noticed that the link on this page in the FreeBSD Handbook is broken:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-pre.html

with link provided here:

ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/ISO-IMAGES/9.0/FreeBSD-9.0-RELEASE-i386-memstick.img

Now unless I've missed something I don't see FreeBSD 9.0 here at all:

ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/ISO-IMAGES/

Everything up to 8.2 is there but no 9.0

Any news? In the meantime I found it here:

ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/9.0/

I know am using AMD64 but swap that with i386 and comes down to same result

Regards,

Kaya
Re: Enabling FTP and Telnet access for root and users
On Thu, Dec 15, 2011 at 8:35 AM, Reid Linnemann wrote:
> On Thu, Dec 15, 2011 at 6:26 AM, Daniel Lewis
> wrote:
>> How do I enable Telnet and ftp access for root and users?
>> I turned on ftp and telnet in inetd but when at telnet or ftp prompt
>> access is denied.
>>
>> I'm using free bsd 8.2
>>
>> Thanks,
>> Daniel lewis
>
> Disclaimer:
> Why in God's name would you want to enable root access through
> insecure means such as telnet and ftp? Do you have a specific
> requirement for these two protocols? For many years now ssh/sftp/scp
> have been able to securely provide analogous services, and I would
> recommend you take advantage of them before opening yourself up to the
> woes of root access on ftp and telnet.
>
> That being said,
>
> Are you not able to authenticate any users or just root?
>
> Are your ftpd and telnetd services being wrapped by inetd? Can you
> show inetd.conf?
>
> /etc/ftpusers contains a list of usernames that will be denied access
> through ftp, root and its alias toor are both in there by default

Also, telnetd will never authenticate root unless your ttyp* terminals are set secure in /etc/ttys, which is also not recommended.
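The two defaults described in the replies above, turned into a check (an added example, not part of the original thread): it reports whether root and toor are still listed in /etc/ftpusers and whether any network pseudo-terminal in /etc/ttys has been flagged secure. The file contents below are constructed samples and the function names are hypothetical.

```python
import shlex
from typing import List, Set


def ftp_denied_users(ftpusers_text: str) -> Set[str]:
    """Accounts listed in ftpusers (one name per line, '#' starts a
    comment). ftpd refuses logins for every account listed here."""
    denied = set()
    for line in ftpusers_text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            denied.add(entry.split()[0])
    return denied


def secure_network_ttys(ttys_text: str) -> List[str]:
    """Names of terminals of type 'network' that carry the 'secure' flag.
    ttys fields: name, command (may be quoted), type, then flags."""
    flagged = []
    for line in ttys_text.splitlines():
        fields = shlex.split(line, comments=True)
        if len(fields) < 3:
            continue
        name, _command, term_type, *flags = fields
        # Exact match on the flag: 'insecure' must not count as 'secure'.
        if term_type == "network" and "secure" in flags:
            flagged.append(name)
    return flagged


def audit(ftpusers_text: str, ttys_text: str) -> List[str]:
    """Return one finding per weakened default; empty list means both
    protections described in the thread are still in place."""
    findings = []
    denied = ftp_denied_users(ftpusers_text)
    for account in ("root", "toor"):
        if account not in denied:
            findings.append(
                "%s is not listed in /etc/ftpusers: ftpd no longer refuses it" % account)
    for tty in secure_network_ttys(ttys_text):
        findings.append(
            "%s is a network terminal marked secure: root may log in on it" % tty)
    return findings


# Constructed sample in the shape of a default install.
DEFAULT_FTPUSERS = """\
# list of users disallowed any ftp access
root
toor
daemon
operator
"""
DEFAULT_TTYS = """\
console none                      unknown off secure
ttyv0   "/usr/libexec/getty Pc"   cons25  on  secure
ttyp0   none                      network
ttyp1   none                      network off insecure
"""
# Constructed sample after someone "enabled root access".
WEAKENED_FTPUSERS = """\
# list of users disallowed any ftp access
#root
toor
daemon
"""
WEAKENED_TTYS = """\
ttyv0   "/usr/libexec/getty Pc"   cons25  on  secure
ttyp0   none                      network
ttyp1   none                      network on secure
"""

if __name__ == "__main__":
    for label, users, ttys in (("default", DEFAULT_FTPUSERS, DEFAULT_TTYS),
                               ("weakened", WEAKENED_FTPUSERS, WEAKENED_TTYS)):
        print(label, audit(users, ttys) or "no findings")
```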
Re: Enabling FTP and Telnet access for root and users
On Thu, Dec 15, 2011 at 6:26 AM, Daniel Lewis wrote:
> How do I enable Telnet and ftp access for root and users?
> I turned on ftp and telnet in inetd but when at telnet or ftp prompt
> access is denied.
>
> I'm using free bsd 8.2
>
> Thanks,
> Daniel lewis

Disclaimer:
Why in God's name would you want to enable root access through insecure means such as telnet and ftp? Do you have a specific requirement for these two protocols? For many years now ssh/sftp/scp have been able to securely provide analogous services, and I would recommend you take advantage of them before opening yourself up to the woes of root access on ftp and telnet.

That being said,

Are you not able to authenticate any users or just root?

Are your ftpd and telnetd services being wrapped by inetd? Can you show inetd.conf?

/etc/ftpusers contains a list of usernames that will be denied access through ftp, root and its alias toor are both in there by default
Re: Enabling FTP and Telnet access for root and users
On Thu, Dec 15, 2011 at 06:26:09AM -0600, Daniel Lewis wrote:
> How do I enable Telnet and ftp access for root and users?
> I turned on ftp and telnet in inetd but when at telnet or ftp prompt
> access is denied.

Can we see the error message? Are you sure inetd is running? Using the right username/password combination?

In all honesty, you're better off enabling sshd instead, which encrypts your communication, and offers numerous other security enhancements over plain telnet and ftp.

Dan

--
Daniel Bye
 _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \
Enabling FTP and Telnet access for root and users
How do I enable Telnet and ftp access for root and users?
I turned on ftp and telnet in inetd but when at telnet or ftp prompt access is denied.

I'm using free bsd 8.2

Thanks,
Daniel lewis
Re: Please secure your FTP access
Even if this might get more off-topic now, allow me the following idea:

On Fri, 16 Sep 2011 18:05:38 -0400, Allen wrote:
> My message was sent with Thunderbird. I don't normally use that because
> it's a resource hog and a half, but since my ISP decided to be stupid
> and no longer allow direct access, instantly making Mutt and Fetchmail
> impossible to use anymore, I have to use something else. I miss Mutt and
> Fetchmail, but my ISP is acting stupid. So now, I use Thunderbird
> sometimes, Opera's Mail client a lot more, and Kmail, and others,
> whenever. Sylpheed and the other one related to it get some use from me,
> along with Opera and Kmail, as my main clients now. Still miss Mutt though.

According to what your ISP does wrong, and what your current solution is (IMAP -or- POP+SMTP), there's a nice suggestion if you want to handle your mail locally (use of program of choice, getting messages from server and storing them on _your_ machine):

You've mentioned fetchmail which does regular POP3 mail incorporation and can also add many authentication features an ISP might require. If this does _not_ work anymore for you, does this mean your ISP blocks POP3, or your mail provider doesn't offer that _essential_ feature anymore?

Depending on your local storing format (mbox, MH, MailDir), you can use _any_ client that understands that format (i. e. all clients use the _same_ local storage structure), so it's easy to switch clients depending on requirements.

For _sending_ mail: If you run the system's sendmail mailer subsystem properly, you could directly send messages by locally enqueuing them. Many ISPs refuse to accept messages from dynamic IP, as they are considered spam. So if your ISP offers you to relay your mail through one of ITS servers (with a _static_ IP), you can easily configure a statement "define(`SMART_HOST', `mx.your-isp.foo')" in your mc file.

In the end, you don't need to configure POP & SMTP in all your different programs, but only as ~/.fetchmailrc for fetchmail (for POP), and your sendmail as described above (for SMTP). Your applications get messages from local spool and send directly to local sendmail.

This allows you flexibility in case you cannot use IMAP (or intendedly want to use a program that's not capable of using IMAP). The solution described may be sufficient if your system is the only (or at least primary) one you deal with mail on.

PS. This message illustrates the proper use of top-posting, appending replies to quotes, and trimming. :-)

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
Re: Please secure your FTP access
On Fri, Sep 16, 2011 at 06:55:05PM -0500, Ryan Coleman wrote:
> On Sep 16, 2011, at 17:27, Chad Perrin wrote:
>
> > On Fri, Sep 16, 2011 at 02:14:42PM -0400, Daniel Staal wrote:
> >>
> >> Also many smartphone and tablet mailers automatically top-post, and make
> >> it significantly harder to move the cursor around inside the text with any
> >> accuracy.
> >
> > This is why I don't deal with email on my Android smartphone. The mail
> > client is a bucket of ass.
>
> +1. That's why I have an iPhone now. :-)

Seriously . . . ? You have an iPhone because the mail client on an Android smartphone sucks. That's odd.

I still prefer my iPhone, and have some hope that some day I'll be able to install some kind of BSD Unix system on an Android device. Unlike with the iPhone, I probably wouldn't get sued for doing so. Also, I get to have a keyboard with an Android device. Even before I can shoehorn BSD Unix onto it, at least it's possible to root some Android smartphones without getting sued. Et cetera.

. . . but I'm pretty mystified at the idea of getting an iPhone just because of the mail client. Trying to deal with email on *any* smartphone client would be a pain in my fourth point of contact.

--
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]
Re: Please secure your FTP access
On Sep 16, 2011, at 17:27, Chad Perrin wrote:

> On Fri, Sep 16, 2011 at 02:14:42PM -0400, Daniel Staal wrote:
>>
>> Also many smartphone and tablet mailers automatically top-post, and make
>> it significantly harder to move the cursor around inside the text with any
>> accuracy.
>
> This is why I don't deal with email on my Android smartphone. The mail
> client is a bucket of ass.

+1. That's why I have an iPhone now. :-)

--
Ryan Coleman
Re: Please secure your FTP access
On Fri, Sep 16, 2011 at 02:14:42PM -0400, Daniel Staal wrote:
>
> Also many smartphone and tablet mailers automatically top-post, and make
> it significantly harder to move the cursor around inside the text with any
> accuracy.

This is why I don't deal with email on my Android smartphone. The mail client is a bucket of ass.

--
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]
Re: Please secure your FTP access
On 9/16/2011 1:37 PM, David Demelier wrote:
> On 15/09/2011 23:46, Allen wrote:
>> Sorry for top posting
>
> I have never understood why people apologise when they top post. Is your
> client mail so bad that you can't move your cursor selector under the
> last message?

I top posted on purpose. Of course my mail client allows me to post normally. The REASON I top posted, was to say something that was not part of the reply I quoted. See, I wanted to say something first, and THEN I wanted to reply to a few things. So, I top posted the part that wasn't related to what was said, and I then posted the rest normally. Clear it up yet?

> For me, I have tested a lot of client mails and I was always able to
> write text under the last message. And even microsoft outlook.

My message was sent with Thunderbird. I don't normally use that because it's a resource hog and a half, but since my ISP decided to be stupid and no longer allow direct access, instantly making Mutt and Fetchmail impossible to use anymore, I have to use something else. I miss Mutt and Fetchmail, but my ISP is acting stupid. So now, I use Thunderbird sometimes, Opera's Mail client a lot more, and Kmail, and others, whenever. Sylpheed and the other one related to it get some use from me, along with Opera and Kmail, as my main clients now. Still miss Mutt though.

I trimmed the rest of this message since that's something another person brought up about your client ;)
Re: Please secure your FTP access
On Thu, Sep 15, 2011 at 10:46 PM, Allen wrote:
> Sorry for top posting but can anyone send this to "Computer Stupidities"
> ? It seems too good to waste like this. Anyone who thinks they're a
> Hacker yet doesn't know how FTP works is not only funny, it's
> entertainment. And also, the web site I'm speaking of, has a similar
> story sent in from another reader, where they talked about back when
> they were in a Web Development class once, the teacher partnered
> everyone up with someone else, and so, since he had already made his own
> web site, he figured he'd show it to his new partner, and said "This is
> my web site here" and the guy, like a moron, highlighted ALL of the text
> with a Mouse, and threatened to hit the "Delete" button on the Keyboard...
>
> This reminds me of that quite a bit lol.
>
> On 9/14/2011 5:57 AM, Eduardo Morras wrote:
>> At 21:43 13/09/2011, Sarang. wrote:
>>> H! there,
>>>
>>> I have seen your site and also got ftp access..
>>>
>>> Please secure your ftp access otherwise anyone can delete your data
>>>
>>> Why anyone? even I am also interested in it.. please move your ass
>>> otherwise it will cost you.
>>>
>>> If you are not going to fix this problem then I will delete all the
>>> files tomorrow...
>>>
>>> Take care..
>>
>> You log in as anonymous user but the user who owns the ftp is another
>> one (perhaps ftp). The permissions you get are r-x (the last ones) not rwx.
>>
>> HTH
>>
>>> Ethical but Bad Hacker...

He may have actually used his real name too :) - https://www.facebook.com/sarang.chepe
Re: Please secure your FTP access
On Fri, 16 Sep 2011 11:03:40 -0700 Devin Teske articulated:

Between Top/Bottom and in-line posting, this thread is getting harder to read by the minute.

I am not at my Windows machine at the moment; however, I know from past experience that I CAN enter text, plain or HTML, after the last entry in a message. It always did work in-line; however since I don't use Outlook for replying to forum mail I cannot swear that it doesn't cause a problem with in-line posting. That then brings up the next question, why is the OP or any of the subsequent posters using HTML to begin with? It certainly does not belong in forum posts.

Furthermore, Outlook will send in plain ASCII text if configured to do so. It can also be configured to reply after the text rather than before if configured to do so. Most users don't bother to configure it correctly and then blame the product for their own inadequacies.

--
Jerry ✌
jerry+f...@seibercom.net

Disclaimer: off-list followups get on-list replies or ignored. Do not CC this poster. Please do not ignore the "Reply-To" header.
http://www.catb.org/~esr/faqs/smart-questions.html
RE: Please secure your FTP access
On Fri, September 16, 2011 2:03 pm, Devin Teske wrote:
>
>
>> -----Original Message-----
>> From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
>> questi...@freebsd.org] On Behalf Of David Demelier
>> Sent: Friday, September 16, 2011 10:38 AM
>> To: freebsd-questions@freebsd.org
>> Subject: Re: Please secure your FTP access
>>
>> On 15/09/2011 23:46, Allen wrote:
>> > Sorry for top posting
>>
>> I have never understood why people apologise when they top post. Is your client
>> mail so bad that you can't move your cursor selector under the last
>> message?
>
> Preamble: Not making excuses for others' actions, but airing grievances
> because I'd really like Microsoft to fix this one.
>
> Observation:
> Microsoft Outlook 2010 has a nasty nasty bug (or at least, I consider it
> to be a bug). If the e-mail that you are responding to is in HTML format
> and your reply is also in HTML format, then you cannot insert text in the
> middle of the reply-text. The expectation that you can insert text in the
> middle of the reply-text at a different indentation-level fails miserably.
> As a work-around you can change the reply-mail to be in either Rich Text
> or Plain Text format, but that removes the indentation-level of the
> reply-text (yuck). It's rather frustrating and whenever I am faced with
> top-posting because of Outlook's iniquities or using another mail client
> ... I simply use another mail client (period).
>
> Just sharing...
> Devin

Also many smartphone and tablet mailers automatically top-post, and make it significantly harder to move the cursor around inside the text with any accuracy.

Daniel T. Staal

---
This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law.
---
Re: Please secure your FTP access
On 9/16/11 1:37 PM, David Demelier wrote:
> For me, I have tested a lot of client mails and I was always able to write
> text under the last message. And even microsoft outlook.

Though your current client does appear to keep you from trimming.

--
--Jon Radel
j...@radel.com
RE: Please secure your FTP access
> -----Original Message-----
> From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
> questi...@freebsd.org] On Behalf Of David Demelier
> Sent: Friday, September 16, 2011 10:38 AM
> To: freebsd-questions@freebsd.org
> Subject: Re: Please secure your FTP access
>
> On 15/09/2011 23:46, Allen wrote:
> > Sorry for top posting
>
> I have never understood why people apologise when they top post. Is your client
> mail so bad that you can't move your cursor selector under the last message?

Preamble: Not making excuses for others' actions, but airing grievances because I'd really like Microsoft to fix this one.

Observation:
Microsoft Outlook 2010 has a nasty nasty bug (or at least, I consider it to be a bug). If the e-mail that you are responding to is in HTML format and your reply is also in HTML format, then you cannot insert text in the middle of the reply-text. The expectation that you can insert text in the middle of the reply-text at a different indentation-level fails miserably. As a work-around you can change the reply-mail to be in either Rich Text or Plain Text format, but that removes the indentation-level of the reply-text (yuck). It's rather frustrating and whenever I am faced with top-posting because of Outlook's iniquities or using another mail client ... I simply use another mail client (period).

Just sharing...
Devin

>
> For me, I have tested a lot of client mails and I was always able to write text
> under the last message. And even microsoft outlook.
>
> :)
>
> > but can anyone send this to "Computer Stupidities"
> > ? It seems too good to waste like this. Anyone who thinks they're a
> > Hacker yet doesn't know how FTP works is not only funny, it's
> > entertainment. And also, the web site I'm speaking of, has a similar
> > story sent in from another reader, where they talked about back when
> > they were in a Web Development class once, the teacher partnered
> > everyone up with someone else, and so, since he had already made his
> > own web site, he figured he'd show it to his new partner, and said
> > "This is my web site here" and the guy, like a moron, highlighted ALL
> > of the text with a Mouse, and threatened to hit the "Delete" button on the
> > Keyboard...
> >
> > This reminds me of that quite a bit lol.
> >
> > On 9/14/2011 5:57 AM, Eduardo Morras wrote:
> >> At 21:43 13/09/2011, Sarang. wrote:
> >>> H! there,
> >>>
> >>> I have seen your site and also got ftp access..
> >>>
> >>> Please secure your ftp access otherwise anyone can delete your data
> >>>
> >>> Why anyone? even I am also interested in it.. please move your ass
> >>> otherwise it will cost you.
> >>>
> >>> If you are not going to fix this problem then I will delete all the
> >>> files tomorrow...
> >>>
> >>> Take care..
> >>
> >> You log in as anonymous user but the user who owns the ftp is
> >> another one (perhaps ftp). The permissions you get are r-x (the last ones) not
> >> rwx.
> >>
> >> HTH
> >>
> >>> Ethical but Bad Hacker...
>
> --
> David Demelier
Re: Please secure your FTP access
On 15/09/2011 23:46, Allen wrote:
> Sorry for top posting

I have never understood why people apologise when they top post. Is your client mail so bad that you can't move your cursor selector under the last message?

For me, I have tested a lot of client mails and I was always able to write text under the last message. And even microsoft outlook.

:)

> but can anyone send this to "Computer Stupidities"
> ? It seems too good to waste like this. Anyone who thinks they're a
> Hacker yet doesn't know how FTP works is not only funny, it's
> entertainment. And also, the web site I'm speaking of, has a similar
> story sent in from another reader, where they talked about back when
> they were in a Web Development class once, the teacher partnered
> everyone up with someone else, and so, since he had already made his own
> web site, he figured he'd show it to his new partner, and said "This is
> my web site here" and the guy, like a moron, highlighted ALL of the text
> with a Mouse, and threatened to hit the "Delete" button on the Keyboard...
>
> This reminds me of that quite a bit lol.
>
> On 9/14/2011 5:57 AM, Eduardo Morras wrote:
>> At 21:43 13/09/2011, Sarang..... wrote:
>>> H! there,
>>>
>>> I have seen your site and also got ftp access..
>>>
>>> Please secure your ftp access otherwise anyone can delete your data
>>>
>>> Why anyone? even I am also interested in it.. please move your ass
>>> otherwise it will cost you.
>>>
>>> If you are not going to fix this problem then I will delete all the
>>> files tomorrow...
>>>
>>> Take care..
>>
>> You log in as anonymous user but the user who owns the ftp is another
>> one (perhaps ftp). The permissions you get are r-x (the last ones) not rwx.
>>
>> HTH
>>
>>> Ethical but Bad Hacker...

--
David Demelier
Re: Please secure your FTP access
On Thursday 15 September 2011 13:46:35 Allen wrote:
> Sorry for top posting but can anyone send this to "Computer Stupidities"
> ? It seems too good to waste like this. Anyone who thinks they're a
> Hacker yet doesn't know how FTP works is not only funny, it's
> entertainment. And also, the web site I'm speaking of, has a similar
> story sent in from another reader, where they talked about back when
> they were in a Web Development class once, the teacher partnered
> everyone up with someone else, and so, since he had already made his own
> web site, he figured he'd show it to his new partner, and said "This is
> my web site here" and the guy, like a moron, highlighted ALL of the text
> with a Mouse, and threatened to hit the "Delete" button on the Keyboard...
>
> This reminds me of that quite a bit lol.
>
> On 9/14/2011 5:57 AM, Eduardo Morras wrote:
> > At 21:43 13/09/2011, Sarang. wrote:
> >> H! there,
> >>
> >> I have seen your site and also got ftp access..
> >>
> >> Please secure your ftp access otherwise anyone can delete your data
> >>
> >> Why anyone? even I am also interested in it.. please move your ass
> >> otherwise it will cost you.
> >>
> >> If you are not going to fix this problem then I will delete all the
> >> files tomorrow...
> >>
> >> Take care..
> >
> > You log in as anonymous user but the user who owns the ftp is another
> > one (perhaps ftp). The permissions you get are r-x (the last ones) not rwx.
> >
> > HTH
> >
> >> Ethical but Bad Hacker...

All your files are now belong to us :-P

--
---
Beech Rintoul - FreeBSD Developer - be...@freebsd.org
/"\ ASCII Ribbon Campaign | FreeBSD Since 4.x
\ / - NO HTML/RTF in e-mail | http://people.freebsd.org/~beech
 X  - NO Word docs in e-mail | Skype: akbeech
/ \ - http://www.FreeBSD.org/releases/8.2R/announce.html
---
Re: Please secure your FTP access
On 15 September 2011 21:05, Frank Shute wrote:
> On Thu, Sep 15, 2011 at 05:46:35PM -0400, Allen wrote:
>>
>> Sorry for top posting but can anyone send this to "Computer Stupidities"
>> ? It seems too good to waste like this. Anyone who thinks they're a
>> Hacker yet doesn't know how FTP works is not only funny, it's
>> entertainment. And also, the web site I'm speaking of, has a similar
>> story sent in from another reader, where they talked about back when
>> they were in a Web Development class once, the teacher partnered
>> everyone up with someone else, and so, since he had already made his own
>> web site, he figured he'd show it to his new partner, and said "This is
>> my web site here" and the guy, like a moron, highlighted ALL of the text
>> with a Mouse, and threatened to hit the "Delete" button on the Keyboard...
>>
>> This reminds me of that quite a bit lol.
>>
>
> You may mock him now but wait until he discovers csup. With his uber
> skills he'll be able to delete all our source files!
>
> Will you be laughing then?
>
> ;)
>

I just ran svn co on your source repository and then symlinked to /dev/null

Send me $45 and a Journey T-shirt or I'll run svn ci . . .
Re: Please secure your FTP access
On Thu, Sep 15, 2011 at 05:46:35PM -0400, Allen wrote:
>
> Sorry for top posting but can anyone send this to "Computer Stupidities"
> ? It seems too good to waste like this. Anyone who thinks they're a
> Hacker yet doesn't know how FTP works is not only funny, it's
> entertainment. And also, the web site I'm speaking of, has a similar
> story sent in from another reader, where they talked about back when
> they were in a Web Development class once, the teacher partnered
> everyone up with someone else, and so, since he had already made his own
> web site, he figured he'd show it to his new partner, and said "This is
> my web site here" and the guy, like a moron, highlighted ALL of the text
> with a Mouse, and threatened to hit the "Delete" button on the Keyboard...
>
> This reminds me of that quite a bit lol.
>

You may mock him now but wait until he discovers csup. With his uber skills he'll be able to delete all our source files!

Will you be laughing then?

;)

Regards,

--
Frank
Contact info: http://www.shute.org.uk/misc/contact.html
Re: Please secure your FTP access
From: Sarang.
To: freebsd-questions@FreeBSD.org
Sent: Tuesday, September 13, 2011 3:43 PM
Subject: Please secure your FTP access

Oooh! This big bad but ethical hacker is going to erase all the FTP files I'm shaking in my boots. Please Mr. Big Bad, don't hurt us! Now close your cup holder and take this advice. Don't go away mad just go away!

H! there,

I have seen your site and also got ftp access..

Please secure your ftp access otherwise anyone can delete your data

Why anyone? even I am also interested in it.. please move your ass otherwise it will cost you.

If you are not going to fix this problem then I will delete all the files tomorrow...

Take care..

Ethical but Bad Hacker...
Re: Please secure your FTP access
Sorry for top posting but can anyone send this to "Computer Stupidities" ? It seems too good to waste like this. Anyone who thinks they're a Hacker yet doesn't know how FTP works is not only funny, it's entertainment. And also, the web site I'm speaking of, has a similar story sent in from another reader, where they talked about back when they were in a Web Development class once, the teacher partnered everyone up with someone else, and so, since he had already made his own web site, he figured he'd show it to his new partner, and said "This is my web site here" and the guy, like a moron, highlighted ALL of the text with a Mouse, and threatened to hit the "Delete" button on the Keyboard...

This reminds me of that quite a bit lol.

On 9/14/2011 5:57 AM, Eduardo Morras wrote:
> At 21:43 13/09/2011, Sarang. wrote:
>> H! there,
>>
>> I have seen your site and also got ftp access..
>>
>> Please secure your ftp access otherwise anyone can delete your data
>>
>> Why anyone? even I am also interested in it.. please move your ass
>> otherwise it will cost you.
>>
>> If you are not going to fix this problem then I will delete all the
>> files tomorrow...
>>
>> Take care..
>
> You log in as anonymous user but the user who owns the ftp is another
> one (perhaps ftp). The permissions you get are r-x (the last ones) not rwx.
>
> HTH
>
>> Ethical but Bad Hacker...
Re: Please secure your FTP access
At 21:43 13/09/2011, Sarang. wrote:
> H! there,
>
> I have seen your site and also got ftp access..
>
> Please secure your ftp access otherwise anyone can delete your data
>
> Why anyone? even I am also interested in it.. please move your ass
> otherwise it will cost you.
>
> If you are not going to fix this problem then I will delete all the
> files tomorrow...
>
> Take care..

You log in as anonymous user but the user who owns the ftp is another one (perhaps ftp). The permissions you get are r-x (the last ones) not rwx.

HTH

> Ethical but Bad Hacker...
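The reply above rests on a property an administrator can verify: an anonymous session only gets write access where the "other" bits allow it, or where an entry is owned by the account the session runs as. An added example (not part of the thread) that audits an FTP tree for both cases; the function names, the sample layout and the idea of passing the session uid as a parameter are assumptions made for illustration.

```python
import os
import stat


def audit_ftp_tree(root, session_uid):
    """List entries under root that an anonymous FTP session could modify.

    session_uid is the uid the server runs anonymous sessions as (assumption:
    you look it up yourself, e.g. the uid of the "ftp" account).
    Returns sorted (relative_path, reason, mode_string) tuples.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # permissions on the link itself are not meaningful
            rel = os.path.relpath(path, root)
            mode = stat.filemode(st.st_mode)
            # Case 1: the "last" permission triplet (other) includes write.
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "other-writable", mode))
            # Case 2: the session uid owns the entry, so the owner triplet
            # applies instead of the "other" triplet.
            if st.st_uid == session_uid and st.st_mode & stat.S_IWUSR:
                findings.append((rel, "writable-by-session-uid", mode))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample layout for the demo, not taken from the thread."""
    pub = os.path.join(root, "pub")
    incoming = os.path.join(root, "incoming")
    os.makedirs(pub)
    os.makedirs(incoming)
    readme = os.path.join(pub, "README")
    with open(readme, "w") as fh:
        fh.write("sample\n")
    os.chmod(root, 0o755)      # r-x for other: listing only
    os.chmod(pub, 0o755)
    os.chmod(readme, 0o644)    # r-- for other: download only
    os.chmod(incoming, 0o777)  # rwx for other: anonymous upload/delete


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        # A uid that owns nothing in the tree stands in for the ftp account.
        for finding in audit_ftp_tree(tmp, os.geteuid() + 1):
            print(finding)
```

An empty result for the real tree means the anonymous account is limited to reading and listing, which is the r-x situation described in the reply.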
Please secure your FTP access
H! there,

I have seen your site and also got ftp access..

Please secure your ftp access otherwise anyone can delete your data

Why anyone? even I am also interested in it.. please move your ass otherwise it will cost you.

If you are not going to fix this problem then I will delete all the files tomorrow...

Take care..

Ethical but Bad Hacker...
Required HTTP/FTP Servers for FreeBSD and Ports Updates?
Hi,

I am working on a network which uses a http/ftp proxy that prompts by default for user permission before downloading any file. In order to be able to keep my system up-to-date (FreeBSD and ports), I have to white list the FreeBSD servers and directories that need to be accessible, because otherwise I can only download files through a web browser, which is obviously extremely painful. Also only the HTTP and FTP protocols are allowed on my network, so CVSUP is not allowed.

So my current plan is to update FreeBSD using the following tools:

1-Port directory update through portsnap
2-FreeBSD src update through CTM
3-Port updates through distfiles and/or packages

I think 1- and 2- are quite straightforward. To allow 1- I need to white list the whole content of http://portsnap.freebsd.org/ . To allow 2- I need to white list the content of ftp://ftp.freebsd.org/pub/FreeBSD/CTM/ . That should be sufficient, right?

The main issue I have though is with 3-. MASTER_SITE_BACKUP and MASTER_SITE_OVERRIDE variables are no longer recognized in /etc/make.conf, right? How can I force FreeBSD to pull distfiles and packages from ftp://ftp.freebsd.org/pub/FreeBSD/ports ?

Also what is the difference between ftp://ftp.freebsd.org/pub/FreeBSD/distfiles and ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles ? I guess one of the directories is aliased to point to the other, right?

Thanks!
Re: ftp installation
On 12 Jun 2011 at 4:32, Bill Tillman wrote:
>
>
> From: Daniel Feenberg
> Subject: Re: ftp installation
>
>
> On Sat, 11 Jun 2011, Robert Simmons wrote:
>
> > On Sat, Jun 11, 2011 at 6:52 PM, Daniel Feenberg
> > wrote:
> >>
> >> I have tried many of the ftp sites enumerated in sysinstall, with
> >> both 7.4-RELEASE and 8.2-RELEASE, and in all cases the installation
> >> proceeds for a few seconds and then hangs, with the last message on
> >> the console always being:
> >>
> >> DEBUG: Generating /etc/fstab file.
> >>
> ...
> >>
> >> Is there something off about the sysinstall ftp dialog? I don't see
> >> a way to monitor what is happening.
> >
> > Your firewall may be interfering with the connection. You may want
> > to read the handbook section on FTP installs (the grey box at the
> > bottom of the page):
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-media.html
> >
>
> Well, our router has never interfered with ftp transfers done from the
> command line, but switching to the firewall-friendly mode in
> sysinstall does fix the problem.
>
> Thank you
> Daniel Feenberg
> NBER
>
>
> If I recall correctly I had to open up my firewall completely to get
> the ftp installations to work. I use a FreeBSD diskless router running
> IPFW+NATD and the log files are set to max out at 5 so I can't see
> which port is trying to be used which gets blocked. So just for the 10
> minutes or so to do an FTP install I just open the firewall wide and
> allow any to any. Once the install is complete I close the firewall
> again.
>
>

That's why "Passive" (or PASV) mode is included in FTP. It only ever makes outgoing connections from a client. 99.9% of all routers/firewalls will honour that mode with no problems, unless it's been specifically blocked by an admin type somewhere.

In the F'BSD install/update settings/dialogs etc, always select the option to use FTP from behind a firewall or router, or "Firewall Friendly" mode. That will invoke Passive mode transfers.

It's the one thing I can do reliably with FreeBSD, no need to mess with router/firewall permissions etc. That only needs doing if you want to run a server that is reachable from outside your LAN. That in turn, opens a whole oil drum load (i.e. a big can of worms!) of potential security issues

Take care.

DaveB

PS: Worth looking at, for a good, if lengthy explanation.
http://slacksite.com/other/ftp.html
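The difference DaveB describes is visible on the FTP control channel: PORT (active mode) asks the server to connect back to the client, while a 227 or 229 reply (passive mode) names a server port for the client to connect out to. An added example (not part of the thread) that parses those lines and reports which flow a client-side firewall has to pass; the control-channel lines and the documentation-range addresses are constructed, and the function names are assumptions.

```python
import re
from collections import namedtuple

DataChannel = namedtuple("DataChannel", "mode initiator dst_ip dst_port note")

_SIX = ",".join([r"(\d{1,3})"] * 6)
PORT_RE = re.compile(r"^PORT\s+" + _SIX + r"\s*$", re.IGNORECASE)  # RFC 959
PASV_RE = re.compile(r"^227\s\D*" + _SIX)                          # RFC 959
EPSV_RE = re.compile(r"^229\s.*\((.)\1\1(\d{1,5})\1\)")            # RFC 2428


def _endpoint(fields):
    """Turn h1,h2,h3,h4,p1,p2 into (ip, port); port = p1 * 256 + p2."""
    nums = [int(x) for x in fields]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range: %r" % (fields,))
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_channel(sender, line, client_ip, server_ip):
    """Return the data connection a control line sets up, or None.

    sender is "C" for a client command and "S" for a server reply.
    """
    line = line.strip()
    if sender == "C":
        m = PORT_RE.match(line)
        if m:
            ip, port = _endpoint(m.groups())
            note = "" if ip == client_ip else "PORT address is not the client"
            return DataChannel("active", "server", ip, port, note)
    elif sender == "S":
        m = PASV_RE.match(line)
        if m:
            ip, port = _endpoint(m.groups())
            # A 227 address that is not the control-connection peer usually
            # means a server behind NAT announcing its inside address.
            note = "" if ip == server_ip else "227 address is not the server"
            return DataChannel("passive", "client", ip, port, note)
        m = EPSV_RE.match(line)
        if m:  # EPSV carries only a port; the address is the control peer
            return DataChannel("passive", "client", server_ip,
                               int(m.group(2)), "")
    return None


def client_firewall_flow(ch, client_ip, server_ip):
    """Describe the flow as seen by a firewall in front of the client."""
    if ch.initiator == "client":
        return "outbound %s -> %s:%d" % (client_ip, ch.dst_ip, ch.dst_port)
    return "inbound %s -> %s:%d" % (server_ip, ch.dst_ip, ch.dst_port)


# Constructed control-channel lines (RFC 5737 documentation addresses).
CLIENT, SERVER = "192.0.2.10", "198.51.100.7"
SAMPLE = [
    ("C", "PORT 192,0,2,10,195,149"),
    ("S", "227 Entering Passive Mode (198,51,100,7,195,80)"),
    ("S", "229 Entering Extended Passive Mode (|||50000|)"),
    ("S", "227 Entering Passive Mode (10,0,0,5,195,80)"),
]

if __name__ == "__main__":
    for who, text in SAMPLE:
        ch = data_channel(who, text, CLIENT, SERVER)
        print(ch.mode, client_firewall_flow(ch, CLIENT, SERVER), ch.note)
```

Only the PORT line produces an inbound flow, which is the one a NAT router or stateful firewall drops unless it has an FTP helper.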
Re: ftp installation
From: Daniel Feenberg
To: Robert Simmons
Cc: freebsd-questions@freebsd.org
Sent: Sat, June 11, 2011 8:50:48 PM
Subject: Re: ftp installation

On Sat, 11 Jun 2011, Robert Simmons wrote:

> On Sat, Jun 11, 2011 at 6:52 PM, Daniel Feenberg wrote:
>>
>> I have tried many of the ftp sites enumerated in sysinstall, with both
>> 7.4-RELEASE and 8.2-RELEASE, and in all cases the installation proceeds
>> for a few seconds and then hangs, with the last message on the console
>> always being:
>>
>> DEBUG: Generating /etc/fstab file.
>>
...
>>
>> Is there something off about the sysinstall ftp dialog? I don't see a way to
>> monitor what is happening.
>
> Your firewall may be interfering with the connection. You may want to
> read the handbook section on FTP installs (the grey box at the bottom
> of the page):
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-media.html
>

Well, our router has never interfered with ftp transfers done from the command line, but switching to the firewall-friendly mode in sysinstall does fix the problem.

Thank you
Daniel Feenberg
NBER

If I recall correctly I had to open up my firewall completely to get the ftp installations to work. I use a FreeBSD diskless router running IPFW+NATD and the log files are set to max out at 5 so I can't see which port is trying to be used which gets blocked. So just for the 10 minutes or so to do an FTP install I just open the firewall wide and allow any to any. Once the install is complete I close the firewall again.
Re: ftp installation
On Sat, 11 Jun 2011, Robert Simmons wrote:

> On Sat, Jun 11, 2011 at 6:52 PM, Daniel Feenberg wrote:
>>
>> I have tried many of the ftp sites enumerated in sysinstall, with both
>> 7.4-RELEASE and 8.2-RELEASE, and in all cases the installation proceeds
>> for a few seconds and then hangs, with the last message on the console
>> always being:
>>
>> DEBUG: Generating /etc/fstab file.
>>
...
>>
>> Is there something off about the sysinstall ftp dialog? I don't see a way to
>> monitor what is happening.
>
> Your firewall may be interfering with the connection. You may want to
> read the handbook section on FTP installs (the grey box at the bottom
> of the page):
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-media.html

Well, our router has never interfered with ftp transfers done from the command line, but switching to the firewall-friendly mode in sysinstall does fix the problem.

Thank you
Daniel Feenberg
NBER
Re: ftp installation
On Sat, Jun 11, 2011 at 6:52 PM, Daniel Feenberg wrote:
>
> I have tried many of the ftp sites enumerated in sysinstall, with both
> 7.4-RELEASE and 8.2-RELEASE, and in all cases the installation proceeds
> for a few seconds and then hangs, with the last message on the console
> always being:
>
> DEBUG: Generating /etc/fstab file.
>
> This happens with several different systems. I believe it is not any
> hardware problem, since I was able to install 7.4 from NFS. (I have
> unrelated problems with 8.2).
>
> If I ftp to any of the mentioned FreeBSD ftp servers under manual control, I
> have no trouble downloading ISO files. The ftp sites tried include
> ftp[34567].freebsd.org and ftp10.us.freebsd.org. We have no firewall or
> proxy regulating outbound connections.
>
> Is there something off about the sysinstall ftp dialog? I don't see a way to
> monitor what is happening.

Your firewall may be interfering with the connection. You may want to read the handbook section on FTP installs (the grey box at the bottom of the page):
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-media.html

You can determine if you are having a firewall problem specific to FTP by using an HTTP proxy install (if it works, you need to change your firewall rules). A convenient list of free and open http proxies is available here:
http://www.xroxy.com/proxylist.htm

Just narrow the list down to http proxies that are near you (US, I assume) then arrange them in order of ascending latency (there is a drop down menu for this). The top few should work great for you.

I have found that going a step further will ensure using the fastest proxy. Just install netselect from the ports collection:
http://www.freebsd.org/cgi/url.cgi?ports/net/netselect/pkg-descr
http://apenwarr.ca/netselect/
then feed the top 10 proxies from xroxy to netselect and use the one it selects as fastest.

All of this can be scripted using wget to scrape the data from xroxy when you need it, since free and open proxies disappear faster than fart in a fan factory.
ftp installation
I have tried many of the ftp sites enumerated in sysinstall, with both 7.4-RELEASE and 8.2-RELEASE, and in all cases the installation proceeds for a few seconds and then hangs, with the last message on the console always being:

DEBUG: Generating /etc/fstab file.

This happens with several different systems. I believe it is not any hardware problem, since I was able to install 7.4 from NFS. (I have unrelated problems with 8.2).

If I ftp to any of the mentioned FreeBSD ftp servers under manual control, I have no trouble downloading ISO files. The ftp sites tried include ftp[34567].freebsd.org and ftp10.us.freebsd.org. We have no firewall or proxy regulating outbound connections.

Is there something off about the sysinstall ftp dialog? I don't see a way to monitor what is happening.

Daniel Feenberg
FTP server at freebsd.isc.org is broken
During an unattended, non-interactive build of many ports this evening I ran into what I think indicates that the FTP server at freebsd.isc.org is broken. Here is what I believe to be evidence, performed from a FreeBSD 8.2 server at one site: site1# fetch -vvp ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/GD-Arrow-0.01.tar.gz scheme: [ftp] user: [] password: [] host: [ftp.freebsd.org] port: [0] document: [/pub/FreeBSD/ports/distfiles/GD-Arrow-0.01.tar.gz] ---> ftp.freebsd.org:21 looking up ftp.freebsd.org connecting to ftp.freebsd.org:21 <<< 220 Welcome to freebsd.isc.org. >>> USER anonymous <<< 331 Please specify the password. >>> PASS ag...@rose.agile.lan <<< 500 OOPS: cannot change directory:/home/ftp fetch: ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/GD-Arrow-0.01.tar.gz: Syntax error, command unrecognized # echo $FTP_PASSIVE_MODE YES site1# ftp freebsd.isc.org Trying 204.152.184.73... Connected to freebsd.isc.org. 220 Welcome to freebsd.isc.org. Name (freebsd.isc.org:agile): anonymous 331 Please specify the password. Password: 500 OOPS: cannot change directory:/home/ftp ftp: Login failed. ftp> bye 500 OOPS: priv_sock_get_cmd There's no reason that I know of for anything on my end to be referencing /home/ftp. I get this on a Windoze system from a second site (different LAN, different WAN address, same city, same ISP): C:\>ftp freebsd.isc.org Connected to freebsd.isc.org. 220 Welcome to freebsd.isc.org. User (freebsd.isc.org:(none)): anonymous 331 Please specify the password. Password: 500 OOPS: cannot change directory:/home/ftp 500 OOPS: priv_sock_get_cmd Connection closed by remote host. And I found this blog entry dated today in which the author is seeing the same problem: http://salihsblog.blogspot.com/2011/05/freebsd-pkgadd-error-syntax-error.html (http://tinyurl.com/42g7dv5) When problems like this arise, shouldn't the FreeBSD port building mechanisms take advantage of the redundant FreeBSD mirrors to roll over to another working server? 
I use portmaster for port building and it terminates with this sort of output when this scenario arises:

=> Attempting to fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/gd-2.0.35.tar.bz2
fetch: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/gd-2.0.35.tar.bz2: Syntax error, command unrecognized
=> Couldn't fetch it - please try to retrieve this
=> port manually into /usr/ports/distfiles// and try again.
*** Error code 1

Stop in /usr/ports/graphics/gd.

What is the recommended way to enable portmaster to be more resilient against such failures?

Carl / K0802647
Bad symlink on ftp sites for 8.2 release
There seems to be a bad symlink on the ftp sites for the 8.2 release:

.../pub/FreeBSD/releases/amd64/8.2-RELEASE/packages -> ../../../ports/amd64/packages-8.2-release
Re: FTP server link aggregation
On 12/15/2010 3:11 PM, Matthew Law wrote:
> I have a single FreeBSD box acting as an FTP server for multiple FreeBSD and Linux clients on the same /24 subnet (all gigabit ethernet). It is currently connected by just one of its two gig ethernet ports. I also have two cisco switches with an etherchannel between them (using 2 x gig ports on each switch).
>
> I would like to connect the remaining NIC on my FreeBSD box to the other switch and enable 802.3ad on those switch ports to aggregate traffic between them. This is in the hope that it can better serve multiple FTP clients.
>
> Is my thinking correct? Other than the network interface changes which are documented here:
>
> http://www.freebsd.org/doc/handbook/network-aggregation.html
>
> are there any further tweaks I could make to improve things? -the server is a 'standard install' and does not use ZFS. It has an adaptec 5408 RAID card with 4 x SATA II drives and, IIRC, 128K stripe size and plenty of RAM.
>
> Is there a way of testing this other than initiating large file transfers to this server from multiple hosts?

A simple ping from multiple sources to your server will do. LACP will associate each SRCMAC and DSTMAC pair to one physical interface. Creating traffic with many different SRCMAC and DSTMAC pairs will use both physical interfaces.

But, I do vaguely remember that if_lagg was not able to perform at 2 * 1Gbps level. Use "systat -ifstat" to check what's happening and please, post your performance findings to the list!

HTH, Nikos
FTP server link aggregation
I have a single FreeBSD box acting as an FTP server for multiple FreeBSD and Linux clients on the same /24 subnet (all gigabit ethernet). It is currently connected by just one of its two gig ethernet ports. I also have two cisco switches with an etherchannel between them (using 2 x gig ports on each switch).

I would like to connect the remaining NIC on my FreeBSD box to the other switch and enable 802.3ad on those switch ports to aggregate traffic between them. This is in the hope that it can better serve multiple FTP clients.

Is my thinking correct? Other than the network interface changes which are documented here:

http://www.freebsd.org/doc/handbook/network-aggregation.html

are there any further tweaks I could make to improve things? -the server is a 'standard install' and does not use ZFS. It has an adaptec 5408 RAID card with 4 x SATA II drives and, IIRC, 128K stripe size and plenty of RAM.

Is there a way of testing this other than initiating large file transfers to this server from multiple hosts?

Many thanks, Matt.
FTP not working in jail
Hello! I'm trying to set up a virtual vsftpd-ssl-2.3.2 server so my band can share new tracks, production material or what not, but I'm getting all kinds of strange errors:

http://pastie.org/1358536

Anybody know why? I'm using a jail. There are no firewalls on either the host or the jail. I've tried other ftpd's and gotten similar results, so I don't think there's vsftpd there's something wrong with here.

Thanks!
Re: FTP like web app
On 10/18/10 21:45, Andrea Venturoli wrote:
> Hello.
>
> Sorry if this is a bit OT, but I'm looking for an app that should:
> _ replace an ftp server;
> _ have a web interface;
> _ run on FreeBSD;
> _ let one of my users upload some file and send a link to someone else;
> _ let that someone else download that file without seeing others' stuff;
> _ possibly notify the uploader when someone else downloads that file.
>
> Any hint?

Thanks to anyone who replied.

In the end I installed SynaMan (http://web.synametrics.com/SynaMan.htm). We are still evaluating it, but it looks like it does 95% of what we need.

bye & Thanks
av.
Re: FTP like web app
On 10/18/2010 10:17 PM, Jerry Bell wrote:
> There is a nice web app called OWL that does essentially this (plus a
> bunch more): http://sourceforge.net/projects/owl/
>
> It needs php, mysql and apache to run, but it does work well on FreeBSD.
>

We use http://sourceforge.net/projects/ajax-explorer/ for our clients. It's very nice and has the same requirements as above, can do without mysql though
Re: FTP like web app
There is a nice web app called OWL that does essentially this (plus a bunch more): http://sourceforge.net/projects/owl/

It needs php, mysql and apache to run, but it does work well on FreeBSD.

Regards,
Jerry

On 10/18/2010 4:04 PM, Chuck Swiger wrote:
> On Oct 18, 2010, at 12:45 PM, Andrea Venturoli wrote:
>> Sorry if this is a bit OT, but I'm looking for an app that should:
>> _ replace an ftp server;
>> _ have a web interface;
>> _ run on FreeBSD;
>> _ let one of my users upload some file and send a link to someone else;
>> _ let that someone else download that file without seeing others' stuff;
>> _ possibly notify the uploader when someone else downloads that file.
>
> Sounds like you want Apache + WebDAV. For download notifications, you can have something scanning the Apache logs
>
> Regards,
Re: FTP like web app
On Oct 18, 2010, at 1:16 PM, Andrea Venturoli wrote:
> You mean WebDAV on the internal side or external? Right now my users simply
> upload through Samba and one of the requirements is that external users
> (downloaders) should not need anything more than a browser...

Both-- you can setup WebDAV to act as a web-based fileserver and various platforms (MacOS X, newer Windows flavors) will even mount it similar to Samba/CIFS filesystems.

Regards,
--
-Chuck
Re: FTP like web app
On 10/18/10 22:04, Chuck Swiger wrote:
> On Oct 18, 2010, at 12:45 PM, Andrea Venturoli wrote:
>> Sorry if this is a bit OT, but I'm looking for an app that should:
>> _ replace an ftp server;
>> _ have a web interface;
>> _ run on FreeBSD;
>> _ let one of my users upload some file and send a link to someone else;
>> _ let that someone else download that file without seeing others' stuff;
>> _ possibly notify the uploader when someone else downloads that file.
>
> Sounds like you want Apache + WebDAV. For download notifications, you can have something scanning the Apache logs
>
> Regards,

Thanks.

You mean WebDAV on the internal side or external? Right now my users simply upload through Samba and one of the requirements is that external users (downloaders) should not need anything more than a browser...

bye
av.
Re: FTP like web app
On Oct 18, 2010, at 12:45 PM, Andrea Venturoli wrote:
> Sorry if this is a bit OT, but I'm looking for an app that should:
> _ replace an ftp server;
> _ have a web interface;
> _ run on FreeBSD;
> _ let one of my users upload some file and send a link to someone else;
> _ let that someone else download that file without seeing others' stuff;
> _ possibly notify the uploader when someone else downloads that file.

Sounds like you want Apache + WebDAV. For download notifications, you can have something scanning the Apache logs

Regards,
--
-Chuck
Re: FTP like web app
An ftpd (most any) with proper directory perms and a web browser meet most of your requirements. Heck, an httpd, like thttpd will address many of your issues - but perms may get more tricky unless you use a "full featured" httpd such as Apache.

- Original Message -
From: owner-freebsd-questi...@freebsd.org
To: freebsd-questions@freebsd.org
Sent: Mon Oct 18 14:45:17 2010
Subject: FTP like web app

Hello.

Sorry if this is a bit OT, but I'm looking for an app that should:
_ replace an ftp server;
_ have a web interface;
_ run on FreeBSD;
_ let one of my users upload some file and send a link to someone else;
_ let that someone else download that file without seeing others' stuff;
_ possibly notify the uploader when someone else downloads that file.

Any hint?

bye & Thanks
av.
FTP like web app
Hello.

Sorry if this is a bit OT, but I'm looking for an app that should:
_ replace an ftp server;
_ have a web interface;
_ run on FreeBSD;
_ let one of my users upload some file and send a link to someone else;
_ let that someone else download that file without seeing others' stuff;
_ possibly notify the uploader when someone else downloads that file.

Any hint?

bye & Thanks
av.
Re: Prevent symbolic links in pure-ftp!
On 27-9-2010 21:07, Joshua Isom wrote:
> On 9/27/2010 12:00 PM, Phan Quoc Hien wrote:
>> hi!
>> How to prevent symbolic links in pure-ftp for security issues?
>> User can access outside chroot by create symlink: ln -s / abc => and user can change dir to /
>> Anyone can solve this problem?

Have you read the manual for pure-ftpd? Symbolic link following can be turned off completely if you so wish, but I do not want to do your homework. Sorry.
Re: Prevent symbolic links in pure-ftp!
On 9/27/2010 12:00 PM, Phan Quoc Hien wrote:
> hi!
> How to prevent symbolic links in pure-ftp for security issues?
> User can access outside chroot by create symlink: ln -s / abc => and user can change dir to /
> Anyone can solve this problem?
> Thanks.

man 8 jail

Jails limit file system access, device access, and kernel access.
Prevent symbolic links in pure-ftp!
hi!
How to prevent symbolic links in pure-ftp for security issues?
User can access outside chroot by create symlink: ln -s / abc => and user can change dir to /
Anyone can solve this problem?
Thanks.

--
Mr.Hien
E-mail: phanquoch...@gmail.com
Website: www.mrhien.info
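A host-side audit for the kind of link described in the question above, as an added example that is not part of the original thread. It assumes a readlink(1) that supports -f; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Lists symlinks under an FTP root whose
# target lies outside that root, resolved from the host's point of view.
# Assumes a readlink(1) that supports -f (canonicalize).

# links_outside ROOT: print "LINK -> TARGET" for every escaping symlink.
links_outside() {
    root=$(cd "$1" && pwd -P) || return 1
    find "$root" -type l | sort | while IFS= read -r link; do
        rel=${link#"$root"/}
        target=$(readlink -f "$link" 2>/dev/null) || target=
        case $target in
            "$root"|"$root"/*) ;;                  # stays inside the tree
            "") echo "$rel -> (unresolvable)" ;;   # e.g. a link loop
            *)  echo "$rel -> $target" ;;          # leaves the tree
        esac
    done
}

# make_tree ROOT: build a constructed sample upload area.
make_tree() {
    mkdir -p "$1/pub"
    echo hello > "$1/pub/readme"
    ln -s / "$1/abc"               # the link from the question
    ln -s pub/readme "$1/latest"   # relative link that stays inside
    ln -s "$1/pub" "$1/pub_abs"    # absolute target, still inside
}

tmp=$(mktemp -d)
make_tree "$tmp/ftproot"
links_outside "$tmp/ftproot"
rm -rf "$tmp"
```

Inside a real chroot(2) an absolute target is resolved against the new root, so this host-side view is deliberately conservative.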
Re: ftp login failing after upgrade to 8.1
> Date: Tue, 10 Aug 2010 14:23:22 -0700
> From: Chris Maness
> To: Mark Tinguely
> Cc: freebsd-questions@freebsd.org
> Subject: Re: ftp login failing after upgrade to 8.1
>
> On Tue, Aug 10, 2010 at 2:19 PM, Mark Tinguely wrote:
> > Chris Maness wrote:
> >> On Tue, Aug 10, 2010 at 2:07 PM, Mark Tinguely wrote:
> >>> Chris Maness wrote:
> >>>> I just upgraded to FreeBSD 8.1 and my regular user name seems to be
> >>>> disallowed for ftp. I checked and my name or group does not seem to
> >>>> show up in ftpusers. Any suggestions as to what might have happened?
> >>>>
> >>>> Thanks,
> >>>> Chris Maness
> >>>
> >>> Do you use a shell that is no longer in /etc/shells?
> >>>
> >>> --Mark.
> >>
> >> Yes, I use bash. Should I add bash to the shells file?
> >>
> >> Thanks,
> >> Chris Maness
> >
> > yes, the full path to bash. And /etc/shells is overwritten during upgrades.
>
> It is logging in now, but getting some strange connection refused when
> I try a file transfer or list the contents of a directory.

symptomatic of a firewall problem. Issue the command PASV at the ftp prompt and then try things.
Re: ftp login failing after upgrade to 8.1
On Tue, Aug 10, 2010 at 2:19 PM, Mark Tinguely wrote:
> Chris Maness wrote:
>> On Tue, Aug 10, 2010 at 2:07 PM, Mark Tinguely wrote:
>>> Chris Maness wrote:
>>>> I just upgraded to FreeBSD 8.1 and my regular user name seems to be
>>>> disallowed for ftp. I checked and my name or group does not seem to
>>>> show up in ftpusers. Any suggestions as to what might have happened?
>>>>
>>>> Thanks,
>>>> Chris Maness
>>>
>>> Do you use a shell that is no longer in /etc/shells?
>>>
>>> --Mark.
>>
>> Yes, I use bash. Should I add bash to the shells file?
>>
>> Thanks,
>> Chris Maness
>
> yes, the full path to bash. And /etc/shells is overwritten during upgrades.

It is logging in now, but getting some strange connection refused when I try a file transfer or list the contents of a directory.

Regards,
Chris Maness
Re: ftp login failing after upgrade to 8.1
On Tue, Aug 10, 2010 at 2:07 PM, Mark Tinguely wrote:
> Chris Maness wrote:
>> I just upgraded to FreeBSD 8.1 and my regular user name seems to be
>> disallowed for ftp. I checked and my name or group does not seem to
>> show up in ftpusers. Any suggestions as to what might have happened?
>>
>> Thanks,
>> Chris Maness
>
> Do you use a shell that is no longer in /etc/shells?
>
> --Mark.

Ok, I have it working now. The man page for ftpd should make that a little clearer than it does. There is another issue after logging in. The login works just fine, but when it tries to establish a connection for transfer or list the contents of a directory, I get a connection refused error.

Regards,
Chris Maness
Re: ftp login failing after upgrade to 8.1
On 10/08/2010 22:01:40, Chris Maness wrote:
> I just upgraded to FreeBSD 8.1 and my regular user name seems to be
> disallowed for ftp. I checked and my name or group does not seem to
> show up in ftpusers. Any suggestions as to what might have happened?

/etc/ftpusers is actually the list of accounts that should be *denied* access via FTP. You don't want your UID in there if you want to use FTP.

Make sure the login shell for your account is mentioned in /etc/shells.

Failing that, curse FTP as an archaic and inherently insecure protocol completely unsuitable for today's internet, and switch to using sftp(8) instead -- which has the look and feel of FTP, but which runs tunnelled over SSH.

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
JID: matt...@infracaninophile.co.uk
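The two checks named in the reply above (ftpusers as a deny list, login shell present in /etc/shells), as an added shell example that is not part of the original thread. The passwd, shells and ftpusers contents are constructed samples, the function names are hypothetical, and @group entries in ftpusers are not handled.

```shell
#!/bin/sh
# Added example (not from the thread). Applies the two checks discussed above:
# the account must not be listed in ftpusers, and its login shell must be
# listed in shells. Group (@name) entries in ftpusers are not handled.

# listed FILE WORD: succeed if WORD is the first field of a non-comment line.
listed() {
    sed 's/#.*//' "$1" | awk -v w="$2" '$1 == w { f = 1 } END { exit !f }'
}

# ftp_verdict USER PASSWD SHELLS FTPUSERS
# Prints allow, deny:ftpusers, deny:shell or deny:nouser.
ftp_verdict() {
    entry=$(awk -F: -v u="$1" '$1 == u { print; exit }' "$2")
    if [ -z "$entry" ]; then echo "deny:nouser"; return 0; fi
    # The shell is the last field in both passwd and master.passwd.
    shell=${entry##*:}
    [ -n "$shell" ] || shell=/bin/sh      # empty field means /bin/sh
    if listed "$4" "$1"; then echo "deny:ftpusers"; return 0; fi
    if ! listed "$3" "$shell"; then echo "deny:shell"; return 0; fi
    echo "allow"
}

# make_sample DIR: write constructed sample files (not real system data).
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
chris:*:1001:1001:Chris:/home/chris:/usr/local/bin/bash
alice:*:1002:1002:Alice:/home/alice:/bin/tcsh
EOF
    cat > "$1/shells" <<'EOF'
# List of acceptable shells for chpass(1).
/bin/sh
/bin/csh
/bin/tcsh
EOF
    cat > "$1/ftpusers" <<'EOF'
# accounts denied FTP access
root
toor
EOF
}

dir=$(mktemp -d)
make_sample "$dir"
for u in root chris alice; do
    printf '%-6s %s\n' "$u" \
        "$(ftp_verdict "$u" "$dir/passwd" "$dir/shells" "$dir/ftpusers")"
done
# Restoring the bash line that the upgrade dropped changes chris to "allow".
echo /usr/local/bin/bash >> "$dir/shells"
printf '%-6s %s\n' chris \
    "$(ftp_verdict chris "$dir/passwd" "$dir/shells" "$dir/ftpusers")"
rm -rf "$dir"
```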
Re: ftp login failing after upgrade to 8.1
On Tue, Aug 10, 2010 at 2:07 PM, Mark Tinguely wrote:
> Chris Maness wrote:
>> I just upgraded to FreeBSD 8.1 and my regular user name seems to be
>> disallowed for ftp. I checked and my name or group does not seem to
>> show up in ftpusers. Any suggestions as to what might have happened?
>>
>> Thanks,
>> Chris Maness
>
> Do you use a shell that is no longer in /etc/shells?
>
> --Mark.

Yes, I use bash. Should I add bash to the shells file?

Thanks,
Chris Maness