Thread: [Cpan2rpm-general] Passive FTPs?
Brought to you by:
ekkis
From: bishop <bi...@pl...> - 2003-06-05 09:48:58
|
Hey folks, My NAT-crippled boxes are hating when cpan2rpm tries to hit FTP URLs, because it needs passive. Any reason why it's not a default option? I've not seen any case where 'wget --passive http://...' causes problems, but I'm by no means confident that it's not an issue. If it's something worthwhile, and safe, how about this: > --- /usr/bin/cpan2rpm Wed Jun 4 01:08:47 2003 > +++ /tmp/cpan2rpm Wed Jun 4 16:40:27 2003 > @@ -1179,8 +1179,8 @@ > my @prg = ( > "/usr/bin/lynx -source $url", > "/usr/bin/links -source $url", > - "/usr/bin/wget -O - $url", > - "/usr/bin/ncftpget $url && cat " . ($url =~ m|.*/(.*)|), > + "/usr/bin/wget --passive -O - $url", > + "/usr/bin/ncftpget -F $url && cat " . ($url =~ m|.*/(.*)|), > ); > > for (@prg) { As a start, it forces passive for wget and ncftp. I know that wget doesn't care either way, but I'm not sure about ncftpget, and I have no idea for lynx and links. Another random thought at 3 AM. Don't give it too much stock. - bish |
From: Rob B. <ro...@ro...> - 2003-06-05 15:47:34
|
Bishop: Passive mode breaks on many servers that are behind firewalls and PORT mode is more secure for servers than PASV mode. And PASV is not required to be implemented according to the RFCs, but PORT mode is. If anything is to be default, it _should_ be PORT mode instead of PASV mode. But I think a cpan2rpm --passive option might be appropriate to force PASV mode for clients behind certain firewalls or NAT configurations. Erick, what do you think? -- Rob On Thu, 5 Jun 2003, bishop wrote: > Hey folks, > > My NAT-crippled boxes are hating when cpan2rpm tries to hit FTP URLs, > because it needs passive. Any reason why it's not a default option? > I've not seen any case where 'wget --passive http://...' causes > problems, but I'm by no means confident that it's not an issue. > > If it's something worthwhile, and safe, how about this: > > [patch] > > As a start, it forces passive for wget and ncftp. I know that wget > doesn't care either way, but I'm not sure about ncftpget, and I have no > idea for lynx and links. > > Another random thought at 3 AM. Don't give it too much stock. > > - bish |
From: Erick C. <e...@ar...> - 2003-06-09 03:23:30
|
> Erick, what do you think? makes sense... will add to TODO list for next release -----Original Message----- From: cpa...@li... [mailto:cpa...@li...]On Behalf Of Rob Brown Sent: Thursday, June 05, 2003 8:48 AM To: bishop Cc: cpa...@li... Subject: Re: [Cpan2rpm-general] Passive FTPs? Bishop: Passive mode breaks on many servers that are behind firewalls and PORT mode is more secure for servers than PASV mode. And PASV is not required to be implemented according to the RFCs, but PORT mode is. If anything is to be default, it _should_ be PORT mode instead of PASV mode. But I think a cpan2rpm --passive option might be appropriate to force PASV mode for clients behind certain firewalls or NAT configurations. Erick, what do you think? -- Rob On Thu, 5 Jun 2003, bishop wrote: > Hey folks, > > My NAT-crippled boxes are hating when cpan2rpm tries to hit FTP URLs, > because it needs passive. Any reason why it's not a default option? > I've not seen any case where 'wget --passive http://...' causes > problems, but I'm by no means confident that it's not an issue. > > If it's something worthwhile, and safe, how about this: > > [patch] > > As a start, it forces passive for wget and ncftp. I know that wget > doesn't care either way, but I'm not sure about ncftpget, and I have no > idea for lynx and links. > > Another random thought at 3 AM. Don't give it too much stock. > > - bish ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The best thread debugger on the planet. Designed with thread debugging features you've never dreamed of, try TotalView 6 free at www.etnus.com. _______________________________________________ Cpan2rpm-general mailing list Cpa...@li... https://lists.sourceforge.net/lists/listinfo/cpan2rpm-general |
From: Ian B. <ib...@on...> - 2003-07-14 18:04:16
|
Rob Brown wrote: > > Passive mode breaks on many servers that are > behind firewalls and PORT mode is more secure > for servers than PASV mode. And PASV is not > required to be implemented according to the > RFCs, but PORT mode is. If anything is to be > default, it _should_ be PORT mode instead of > PASV mode. But I think a cpan2rpm --passive > option might be appropriate to force PASV mode > for clients behind certain firewalls or NAT > configurations. Erick, what do you think? > It is possible to change wget's defaults to always use passive mode for FTP. Create the ~/.wgetrc file or edit /etc/wgetrc to have the line: passive_ftp = on I think it is better for people to change their local wget settings instead of adding an option to cpan2rpm. - Ian |
From: Erick C. <e...@ar...> - 2003-07-14 18:39:22
|
thanks for sharing that insight. I've added notes to the README to that effect. -----Original Message----- From: cpa...@li... [mailto:cpa...@li...]On Behalf Of Ian Burrell Sent: Monday, July 14, 2003 11:04 AM To: cpa...@li... Subject: Re: [Cpan2rpm-general] Passive FTPs? Rob Brown wrote: > > Passive mode breaks on many servers that are > behind firewalls and PORT mode is more secure > for servers than PASV mode. And PASV is not > required to be implemented according to the > RFCs, but PORT mode is. If anything is to be > default, it _should_ be PORT mode instead of > PASV mode. But I think a cpan2rpm --passive > option might be appropriate to force PASV mode > for clients behind certain firewalls or NAT > configurations. Erick, what do you think? > It is possible to change wget's defaults to always use passive mode for FTP. Create the ~/.wgetrc file or edit /etc/wgetrc to have the line: passive_ftp = on I think it is better for people to change their local wget settings instead of adding an option to cpan2rpm. - Ian ------------------------------------------------------- This SF.Net email sponsored by: Parasoft Error proof Web apps, automate testing & more. Download & eval WebKing and get a free book. www.parasoft.com/bulletproofapps1 _______________________________________________ Cpan2rpm-general mailing list Cpa...@li... https://lists.sourceforge.net/lists/listinfo/cpan2rpm-general |
From: bishop <bi...@pl...> - 2003-07-14 21:05:08
|
Ian Burrell wrote: > Rob Brown wrote: > >> Passive mode breaks on many servers that are >> behind firewalls and PORT mode is more secure >> for servers than PASV mode. And PASV is not >> required to be implemented according to the >> RFCs, but PORT mode is. If anything is to be >> default, it _should_ be PORT mode instead of >> PASV mode. But I think a cpan2rpm --passive >> option might be appropriate to force PASV mode >> for clients behind certain firewalls or NAT >> configurations. Erick, what do you think? >> > > It is possible to change wget's defaults to always use passive mode for > FTP. Create the ~/.wgetrc file or edit /etc/wgetrc to have the line: > > passive_ftp = on > > I think it is better for people to change their local wget settings > instead of adding an option to cpan2rpm. Do you think it's better? Rob already provided the counter-example to your theory of changing the default in the RC : some systems cannot handle a PASV connection, because they're *only* rfc-compliant, and some systems may have it disabled for security. Hmm, no option to turn it OFF, either. Should we edit the file and reverse the option every time we access a system that needs PORT, and then reverse it back? Is that the best option? - bish -- Those things really shatter well. [magic] 8 Ball didn't see THAT coming. -- Wil Wheaton. (The geek, not the star.) |