pkg_add and EPSV - BSD

This is a discussion on pkg_add and EPSV - BSD ; Hi, my firewall does not know EPSV but tries to parse it. As a result it blocks passive ftp connections using EPSV (PASV works fine). What can I do? I tried to 'export FETCH_CMD=$(which wget)' but it seems ignored (ps ...

+ Reply to Thread
Results 1 to 13 of 13

Thread: pkg_add and EPSV

  1. pkg_add and EPSV

    Hi,

    my firewall does not know EPSV but tries to parse it. As a result it blocks
    passive ftp connections using EPSV (PASV works fine).

    What can I do?

    I tried to 'export FETCH_CMD=$(which wget)' but it seems ignored (ps auxww
    still shows 'ftp -o - ...'). Can I use .netrc to disable EPSV? Anything
    else?

    Thanks, Helmut

    --
    No Swen today, my love has gone away
    My mailbox stands for lorn, a symbol of the dawn



  2. Re: pkg_add and EPSV

    Helmut Schneider wrote:
    > I tried to 'export FETCH_CMD=$(which wget)' but it seems ignored (ps auxww
    > still shows 'ftp -o - ...'). Can I use .netrc to disable EPSV? Anything
    > else?
    >

    I have tried:
    env FETCH_CMD='which wget' make fetch
    and it works on 4.2-current.
    Does it work on your pc ?
    Giovanni
    --
    /*
    * SnB - http://www.snb.it
    */

  3. Re: pkg_add and EPSV

    Giovanni Bechis wrote:
    > Helmut Schneider wrote:
    >> I tried to 'export FETCH_CMD=$(which wget)' but it seems ignored (ps auxww
    >> still shows 'ftp -o - ...'). Can I use .netrc to disable EPSV? Anything
    >> else?
    >>

    > I have tried:
    > env FETCH_CMD='which wget' make fetch
    > and it works on 4.2-current.
    > Does it work on your pc ?


    Of course, if you are running current and using sudo to run this, you
    have to make sure you change the default sudoers file in order for this
    to work, I imagine.
    --
    clvrmnky

    Direct replies will be blacklisted. Replace "spamtrap" with my name to
    contact me directly.

  4. Re: pkg_add and EPSV

    Helmut Schneider wrote:
    > Hi,
    >
    > my firewall does not know EPSV but tries to parse it. As a result it blocks
    > passive ftp connections using EPSV (PASV works fine).
    >
    > What can I do?
    >
    > I tried to 'export FETCH_CMD=$(which wget)' but it seems ignored (ps auxww
    > still shows 'ftp -o - ...'). Can I use .netrc to disable EPSV? Anything
    > else?


    From ftp(1):
    -E Disables EPSV/EPRT command on IPv4 connections.

    So using wget is not actually necessary. As to why FETCH_CMD is ignored,
    I don't know - post the exact sequence of commands entered (sudo was
    already mentioned as a possible culprit).

    Joachim

  5. Re: pkg_add and EPSV

    Joachim Schipper wrote:
    > Helmut Schneider wrote:
    >> Hi,
    >> my firewall does not know EPSV but tries to parse it. As a result it
    >> blocks passive ftp connections using EPSV (PASV works fine).
    >> What can I do?
    >> I tried to 'export FETCH_CMD=$(which wget)' but it seems ignored (ps
    >> auxww still shows 'ftp -o - ...'). Can I use .netrc to disable EPSV?
    >> Anything else?

    > From ftp(1):
    > -E Disables EPSV/EPRT command on IPv4 connections.


    If I set FETCH_CMD to "ftp -E" and run pkg_add (-r):

    Can't exec "/usr/bin/ftp -E": No such file or directory at
    /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 515.
    can't run ftp at /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 515.

    --
    No Swen today, my love has gone away
    My mailbox stands for lorn, a symbol of the dawn



  6. Re: pkg_add and EPSV

    Giovanni Bechis wrote:
    > Helmut Schneider wrote:
    >> I tried to 'export FETCH_CMD=$(which wget)' but it seems ignored (ps
    >> auxww still shows 'ftp -o - ...'). Can I use .netrc to disable EPSV?
    >> Anything else?

    > I have tried:
    > env FETCH_CMD='which wget' make fetch
    > and it works on 4.2-current.
    > Does it work on your pc ?


    Yes, it does.

    But 'env FETCH_CMD=$(which wget) pkg_add $package' does not, it uses ftp(1).

    [root@BSDHelmut ~]# uname -rs
    OpenBSD 4.1
    [root@BSDHelmut ~]# echo $SHELL
    /bin/ksh
    [root@BSDHelmut ~]#

    --
    No Swen today, my love has gone away
    My mailbox stands for lorn, a symbol of the dawn



  7. Re: pkg_add and EPSV

    Helmut Schneider wrote:
    > Joachim Schipper wrote:
    >> Helmut Schneider wrote:
    >>> Hi,
    >>> my firewall does not know EPSV but tries to parse it. As a result it
    >>> blocks passive ftp connections using EPSV (PASV works fine).
    >>> What can I do?
    >>> I tried to 'export FETCH_CMD=$(which wget)' but it seems ignored (ps
    >>> auxww still shows 'ftp -o - ...'). Can I use .netrc to disable EPSV?
    >>> Anything else?

    >> From ftp(1):
    >> -E Disables EPSV/EPRT command on IPv4 connections.

    > If I set FETCH_CMD to "ftp -E" and run pkg_add (-r):
    > Can't exec "/usr/bin/ftp -E": No such file or directory at
    > /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 515.
    > can't run ftp at /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 515.


    Appendix: I tried this on another machine, where the problem with FETCH_CMD
    does not exist.

    --
    No Swen today, my love has gone away
    My mailbox stands for lorn, a symbol of the dawn



  8. Re: pkg_add and EPSV

    Helmut Schneider wrote:
    > Joachim Schipper wrote:
    >> Helmut Schneider wrote:
    >>> Hi,
    >>> my firewall does not know EPSV but tries to parse it. As a result it
    >>> blocks passive ftp connections using EPSV (PASV works fine).
    >>> What can I do?
    >>> I tried to 'export FETCH_CMD=$(which wget)' but it seems ignored (ps
    >>> auxww still shows 'ftp -o - ...'). Can I use .netrc to disable EPSV?
    >>> Anything else?

    >> From ftp(1):
    >> -E Disables EPSV/EPRT command on IPv4 connections.

    >
    > If I set FETCH_CMD to "ftp -E" and run pkg_add (-r):
    >
    > Can't exec "/usr/bin/ftp -E": No such file or directory at
    > /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 515.
    > can't run ftp at /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 515.


    So use /usr/local/bin/ftp-no-epsv:

    #!/bin/sh

    exec ftp -E "$@"

    Joachim

  9. Re: pkg_add and EPSV

    Joachim Schipper wrote:
    > Helmut Schneider wrote:
    >> Joachim Schipper wrote:
    >>> Helmut Schneider wrote:
    >>>> my firewall does not know EPSV but tries to parse it. As a result it
    >>>> blocks passive ftp connections using EPSV (PASV works fine).
    >>>> What can I do?
    >>>> I tried to 'export FETCH_CMD=$(which wget)' but it seems ignored (ps
    >>>> auxww still shows 'ftp -o - ...'). Can I use .netrc to disable EPSV?
    >>>> Anything else?
    >>> From ftp(1):
    >>> -E Disables EPSV/EPRT command on IPv4 connections.

    >> If I set FETCH_CMD to "ftp -E" and run pkg_add (-r):
    >> Can't exec "/usr/bin/ftp -E": No such file or directory at
    >> /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 515.
    >> can't run ftp at /usr/libdata/perl5/OpenBSD/PackageRepository.pm line
    >> 515.

    > So use /usr/local/bin/ftp-no-epsv:
    > #!/bin/sh
    > exec ftp -E "$@"


    Of course that works fine but isn't suitable for all machines here.

    --
    No Swen today, my love has gone away
    My mailbox stands for lorn, a symbol of the dawn



  10. Re: pkg_add and EPSV

    In article <5jl229F40urU1@mid.individual.net>,
    Helmut Schneider wrote:
    >Joachim Schipper wrote:
    >> Helmut Schneider wrote:
    >>> Joachim Schipper wrote:
    >>>> Helmut Schneider wrote:
    >>>>> my firewall does not know EPSV but tries to parse it. As a result it
    >>>>> blocks passive ftp connections using EPSV (PASV works fine).
    >>>>> What can I do?
    >>>>> I tried to 'export FETCH_CMD=$(which wget)' but it seems ignored (ps
    >>>>> auxww still shows 'ftp -o - ...'). Can I use .netrc to disable EPSV?
    >>>>> Anything else?
    >>>> From ftp(1):
    >>>> -E Disables EPSV/EPRT command on IPv4 connections.
    >>> If I set FETCH_CMD to "ftp -E" and run pkg_add (-r):
    >>> Can't exec "/usr/bin/ftp -E": No such file or directory at
    >>> /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 515.
    >>> can't run ftp at /usr/libdata/perl5/OpenBSD/PackageRepository.pm line
    >>> 515.

    >> So use /usr/local/bin/ftp-no-epsv:
    >> #!/bin/sh
    >> exec ftp -E "$@"


    >Of course that works fine but isn't suitable for all machines here.


    Why is it a problem ?

    Requiring FETCH_CMD to be an executable, script or otherwise, was a
    conscious decision. It was becoming way too uncomfortable running system
    directly, and risking corruption of badly quoted parameters. I'll admit
    I could try parsing FETCH_CMD and cutting it up into main commands/options,
    but it's a lot of code for stuff that can be accomplished in a separate
    script... (also the fact that FETCH_CMD has to behave a lot like the system
    ftp for many things to work...)

    Besides, having pkg_* in perl means people can tweak it directly if they
    *really* need it. Like, if your installation doesn't deal with EPSV at all,
    adding the -E to the pkg_add code in selected places is starting to look like
    a good idea to me.

  11. Re: pkg_add and EPSV

    Marc Espie wrote:
    > In article <5jl229F40urU1@mid.individual.net>,
    > Helmut Schneider wrote:
    >>Joachim Schipper wrote:
    >>> Helmut Schneider wrote:
    >>>> Joachim Schipper wrote:
    >>>>> Helmut Schneider wrote:
    >>>>>> my firewall does not know EPSV but tries to parse it. As a result it
    >>>>>> blocks passive ftp connections using EPSV (PASV works fine).
    >>>>>> What can I do?
    >>>>>> I tried to 'export FETCH_CMD=$(which wget)' but it seems ignored (ps
    >>>>>> auxww still shows 'ftp -o - ...'). Can I use .netrc to disable EPSV?
    >>>>>> Anything else?
    >>>>> From ftp(1):
    >>>>> -E Disables EPSV/EPRT command on IPv4 connections.
    >>>> If I set FETCH_CMD to "ftp -E" and run pkg_add (-r):
    >>>> Can't exec "/usr/bin/ftp -E": No such file or directory at
    >>>> /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 515.
    >>>> can't run ftp at /usr/libdata/perl5/OpenBSD/PackageRepository.pm line
    >>>> 515.
    >>> So use /usr/local/bin/ftp-no-epsv:
    >>> #!/bin/sh
    >>> exec ftp -E "$@"

    >>Of course that works fine but isn't suitable for all machines here.

    > Why is it a problem ?


    I don't want to copy to many scripts to the machines. Some of them are
    'friendly' but not mine. At that point IMO it is easier/more transparent to
    use an already existing wget/ncftpget/... instead of providing a second
    script.

    If it would be possible to use pkg_add -r/u together with 'exec ftp -E "$@"'
    within only one single script I would love to use it but I think it isn't.

    > Requiring FETCH_CMD to be an executable, script or otherwise, was a
    > conscious decision.


    No doubt about that.

    > *really* need it. Like, if your installation doesn't deal with EPSV at
    > all, adding the -E to the pkg_add code in selected places is starting to
    > look like a good idea to me.


    I would agree if it is only one single machine or all that machines were
    under my desk. But there are several machines which I only touch from time
    to time and I do not want to risk pkg_add to be replaced by the next rebuild
    (who ever rebuilds).

    --
    No Swen today, my love has gone away
    My mailbox stands for lorn, a symbol of the dawn



  12. Re: pkg_add and EPSV

    Helmut Schneider wrote:
    > Marc Espie wrote:
    >> In article <5jl229F40urU1@mid.individual.net>,
    >> Helmut Schneider wrote:
    >>>Joachim Schipper wrote:
    >>>> Helmut Schneider wrote:
    >>>>> Joachim Schipper wrote:
    >>>>>> Helmut Schneider wrote:
    >>>>>>> my firewall does not know EPSV but tries to parse it. As a result it
    >>>>>>> blocks passive ftp connections using EPSV (PASV works fine).
    >>>>>>> What can I do?
    >>>>>>> I tried to 'export FETCH_CMD=$(which wget)' but it seems ignored (ps
    >>>>>>> auxww still shows 'ftp -o - ...'). Can I use .netrc to disable EPSV?
    >>>>>>> Anything else?
    >>>>>> From ftp(1):
    >>>>>> -E Disables EPSV/EPRT command on IPv4 connections.
    >>>>> If I set FETCH_CMD to "ftp -E" and run pkg_add (-r):
    >>>>> Can't exec "/usr/bin/ftp -E": No such file or directory at
    >>>>> /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 515.
    >>>>> can't run ftp at /usr/libdata/perl5/OpenBSD/PackageRepository.pm line
    >>>>> 515.
    >>>> So use /usr/local/bin/ftp-no-epsv:
    >>>> #!/bin/sh
    >>>> exec ftp -E "$@"
    >>>Of course that works fine but isn't suitable for all machines here.

    >> Why is it a problem ?

    >
    > I don't want to copy to many scripts to the machines. Some of them are
    > 'friendly' but not mine. At that point IMO it is easier/more transparent to
    > use an already existing wget/ncftpget/... instead of providing a second
    > script.
    >
    > If it would be possible to use pkg_add -r/u together with 'exec ftp -E "$@"'
    > within only one single script I would love to use it but I think it isn't.


    If you have a home directory, place the script there. If you do not have
    one, then what are you doing on that box?

    >> *really* need it. Like, if your installation doesn't deal with EPSV at
    >> all, adding the -E to the pkg_add code in selected places is starting to
    >> look like a good idea to me.

    >
    > I would agree if it is only one single machine or all that machines were
    > under my desk. But there are several machines which I only touch from time
    > to time and I do not want to risk pkg_add to be replaced by the next rebuild
    > (who ever rebuilds).


    Okay, that makes sense.

  13. Re: pkg_add and EPSV

    Joachim Schipper wrote:
    > Helmut Schneider wrote:
    >> Marc Espie wrote:
    >>> In article <5jl229F40urU1@mid.individual.net>,
    >>> Helmut Schneider wrote:
    >>>>Joachim Schipper wrote:
    >>>>> Helmut Schneider wrote:
    >>>>>> Joachim Schipper wrote:
    >>>>>>> Helmut Schneider wrote:
    >>>>>>>> my firewall does not know EPSV but tries to parse it. As a
    >>>>>>>> result it blocks passive ftp connections using EPSV (PASV
    >>>>>>>> works fine). What can I do?
    >>>>>>>> I tried to 'export FETCH_CMD=$(which wget)' but it seems
    >>>>>>>> ignored (ps auxww still shows 'ftp -o - ...'). Can I use
    >>>>>>>> .netrc to disable EPSV? Anything else?
    >>>>>>> From ftp(1):
    >>>>>>> -E Disables EPSV/EPRT command on IPv4 connections.
    >>>>>> If I set FETCH_CMD to "ftp -E" and run pkg_add (-r):
    >>>>>> Can't exec "/usr/bin/ftp -E": No such file or directory at
    >>>>>> /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 515.
    >>>>>> can't run ftp at /usr/libdata/perl5/OpenBSD/PackageRepository.pm line
    >>>>>> 515.
    >>>>> So use /usr/local/bin/ftp-no-epsv:
    >>>>> #!/bin/sh
    >>>>> exec ftp -E "$@"
    >>>>Of course that works fine but isn't suitable for all machines here.
    >>> Why is it a problem ?

    >> I don't want to copy to many scripts to the machines. Some of them are
    >> 'friendly' but not mine. At that point IMO it is easier/more
    >> transparent to use an already existing wget/ncftpget/... instead of
    >> providing a second script.
    >> If it would be possible to use pkg_add -r/u together with 'exec ftp -E
    >> "$@"' within only one single script I would love to use it but I
    >> think it isn't.

    > If you have a home directory, place the script there. If you do not have
    > one, then what are you doing on that box?


    I'm a very nice guy and help friends whenever they break something. I also
    set up a package server, compile and provide packages for them, patch their
    systems, upgrade their systems, and *sometimes* I get tickets for Bayern
    München for my work. )

    --
    No Swen today, my love has gone away
    My mailbox stands for lorn, a symbol of the dawn



+ Reply to Thread