Re: Firewalls
To: "Nigel Sale" <Nigel.Sale@martin-baker.co.uk>
Copies to: debian-laptop@lists.debian.org
Subject: Re: Firewalls
From: Daniel Pittman <daniel@danann.net>
Organization: Here, there and everywhere...
Date sent: 15 Mar 2000 19:34:46 +1100
> On Wed, 15 Mar 2000, Nigel Sale <Nigel.Sale@martin-baker.co.uk> wrote:
>
> [...]
>
> > However, when at work i sit behind a socks5 based proxy firewall,
> > which kind of screws things up.
> >
> > Does anybody have experience of this ?
>
> Sure. I live behind one at work and at home. Works good. :)
>
> > I have just started playing with dante-client, which is supposed to
> > allow you to 'socksify' applications, and it worked to a point with
> > ftp in that i managed to connect to an external site, but got errors
> > when i actually tried to ls or get, (cd worked fine).
>
> Sure. The real issue is the design of the FTP protocol. It tries to open
> a connection from the FTP server (outside the firewall) to your machine
> (inside it) and this fails.
>
> The SOCKS protocol only supports outbound connections (from your machine
> to something else).
>
> If you use the command 'pftp' rather than 'ftp', you will be able to do
> FTP things - this is just the standard ftp client with the default of
> passive mode rather than active mode.
>
> Passive mode, incidentally, is different from active mode (the standard
> one) in that the client machine (you) creates all the connections,
> rather than the server creating any of them.
>
Thanks, pftp works fine.
> [...]
>
> > But my ultimate reason for doing this is that i want to be able to use
> > apt-get from behind this firewall....so i need to socksify apt-get,
> > has anybody done this ?
>
> Er. I had real problems with apt-get and dante working together. Then I
> went to unstable and simply used my web proxy to do it all, which is
> good.
Can you elaborate on this last bit, how do you use apt-get from
behind your firewall ?
>
> You will need to look at the configuration for apt and see if it
> supports passive FTP at all. If it does, you can use it with SOCKS (all
> other things being equal). If you can't get it to use that, no luck, I
> am afraid.
>
> Good luck, and let me know if you are still having trouble.
>
> Daniel
>
> --
> An idea that is not dangerous is unworthy to be called an idea at all.
> -- Elbert Hubbard
--
Nigel Sale
Senior Systems Engineer
Martin-Baker Aircraft Co. Ltd.
Reply to: