Subject: Re: FTP not working in some cases?
To: Yasir Malik <ymalik@cs.stevens-tech.edu>
From: Steven M. Bellovin <smb@research.att.com>
List: port-i386
Date: 04/09/2004 10:28:13
In message <Pine.NEB.4.58.0404091002060.28514@pink-elephant.cs.stevens-tech.edu>, Yasir Malik writes:
>> Is there a Checkpoint firewall in the path? That can cause the
>> symptoms you noticed. Sometimes, this can be bypassed by using a '-'
>> as the password. I haven't tried this, but you might be able to
>> persuade sysinst to do that by using its 'shell' option and creating a
>> .netrc file.
>>
>> --Steve Bellovin, http://www.research.att.com/~smb
>
>Thank you for your reply. We do not have a Checkpoint firewall. We have
>a Pix firewall. None of your solutions work. This is really weird. I
>thought about copying the distribution to my Windows partition and then
>mounting it in sysinst, but it turns out that I can't even access
>releng.netbsd.org through Windows. Is there something wrong with the ftp
>server?
Can you get to the server manually, specifying a password of "-" (omit
the quotes)? As I indicated, I'm not sure that sysinst will honor a
.netrc file. (Hmm -- a quick test of 'ftp' with a URL argument
suggests that it does *not* look at the .netrc file, and hence won't
honor the "-" in sysinst. I don't know if that's a bug in ftp or a
conscious design decision.)
The problem is the long "230" messages put out by ftp.netbsd.org. This
confuses some (stupid) firewalls. Using "-" as a password tells the
server to omit the message. Alternatively, there may be a PIX firewall
setting to keep it happy, but it's often hard to persuade firewall
administrators to make the change.
--Steve Bellovin, http://www.research.att.com/~smb
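
The long multi-line "230" reply discussed above, parsed the way RFC 959 defines it, as an added example that is not part of the original message. The banner text, class name and function names are constructed for illustration; the point is that a reply opened with "230-" ends only at a line starting with "230 " (code plus space), however the bytes are split across TCP segments.

```python
import re

class FtpReplyParser:
    """Incremental RFC 959 reply parser; feed() accepts bytes in any chunking."""
    _FIRST = re.compile(rb"^(\d{3})([ -])(.*)$")

    def __init__(self):
        self._buf = b""
        self._code = None   # code of the multi-line reply in progress, if any
        self._lines = []

    def feed(self, data):
        """Return the (code, [text lines]) replies completed by this chunk."""
        done = []
        self._buf += data
        while b"\r\n" in self._buf:
            line, self._buf = self._buf.split(b"\r\n", 1)
            if self._code is None:
                m = self._FIRST.match(line)
                if not m:
                    raise ValueError("malformed reply line: %r" % line)
                code, sep, text = m.groups()
                if sep == b" ":            # single-line reply
                    done.append((int(code), [text.decode("latin-1")]))
                else:                      # "NNN-" opens a multi-line reply
                    self._code, self._lines = code, [text.decode("latin-1")]
            elif line.startswith(self._code + b" "):
                # Only "<same code><space>" closes the reply.
                self._lines.append(line[4:].decode("latin-1"))
                done.append((int(self._code), self._lines))
                self._code, self._lines = None, []
            else:
                # Body text: may carry an "NNN-" prefix, or none at all.
                if line.startswith(self._code + b"-"):
                    line = line[4:]
                self._lines.append(line.decode("latin-1"))
        return done

# Constructed sample banner (not captured from any real server).
LONG_230 = (b"230-\r\n"
            b"230-    Welcome (constructed sample text)\r\n"
            b"226 files updated today (body text, not a reply)\r\n"
            b"230-\r\n"
            b"230 Guest login ok, access restrictions apply.\r\n")
# What the client sees when the server omits the banner.
SHORT_230 = b"230 Guest login ok, access restrictions apply.\r\n"

def parse_in_chunks(data, size):
    """Feed data in size-byte pieces, as if split across TCP segments."""
    p, out = FtpReplyParser(), []
    for i in range(0, len(data), size):
        out.extend(p.feed(data[i:i + size]))
    return out
```
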