[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Firewalls

To:             	"Nigel Sale" <Nigel.Sale@martin-baker.co.uk>
Copies to:      	debian-laptop@lists.debian.org
Subject:        	Re: Firewalls
From:           	Daniel Pittman <daniel@danann.net>
Organization:   	Here, there and everywhere...
Date sent:      	15 Mar 2000 19:34:46 +1100

> On Wed, 15 Mar 2000, Nigel Sale <Nigel.Sale@martin-baker.co.uk> wrote:
> 
> [...]
> 
> > However, when at work i sit behind a socks5 based proxy firewall, 
> > which kind of screws things up.
> > 
> > Does anybody have experience of this ?
> 
> Sure. I live behind one at work and at home. Works good. :)
> 
> > I have just started playing with dante-client, which is supposed to
> > allow you to 'socksify' applications, and it worked to a point with
> > ftp in that i managed to connect to an external site, but got errors
> > when i actually tried to ls or get, (cd worked fine).
> 
> Sure. The real issue is the design of the FTP protocol. It tries to open
> a connection from the FTP server (outside the firewall) to your machine
> (inside it) and this fails.
> 
> The SOCKS protocol only supports outbound connections (from your machine
> to something else).
> 
> If you use the command 'pftp' rather than 'ftp', you will be able to do
> FTP things - this is just the standard ftp client with the default of
> passive mode rather than active mode.
> 
> Passive mode, incidentally, is different from active mode (the standard
> one) in that the client machine (you) creates all the connections,
> rather than the server creating any of them.
>

Thanks, pftp works fine.

> [...]
> 
> > But my ultimate reason for doing this is that i want to be able to use
> > apt-get from behind this firewall....so i need to socksify apt-get,
> > has anybody done this ?
> 
> Er. I had real problems with apt-get and dante working together. Then I
> went to unstable and simply used my web proxy to do it all, which is
> good.

Can you elaborate on this last bit, how do you use apt-get from 
behind your firewall ?

> 
> You will need to look at the configuration for apt and see if it
> supports passive FTP at all. If it does, you can use it with SOCKS (all
> other things being equal). If you can't get it to use that, no luck, I
> am afraid.
> 
> Good luck, and let me know if you are still having trouble.
> 
>         Daniel
> 
> -- 
> An idea that is not dangerous is unworthy to be called an idea at all.
>         -- Elbert Hubbard


--
Nigel Sale
Senior Systems Engineer
Martin-Baker Aircraft Co. Ltd.
Reply to: