Jan 041999

fetch – and how to use it behind a firewall

fetch allows you to retrieve a file by supplying a URL (Uniform Resource Locator).  It is very useful and powerful tool.  It effectively automates an anonymous FTP session.

If you get the following message when you use fetch, then I suspect you are behind a firewall:

su-2.02# fetch ftp://<somefilename>
fetch: ftp://<somefilename>: FTP error:
fetch: Can't open data connection

If you are behind a firewall, you might want to try the -P option on the command line.   This will force fetch to "use the passive mode of the FTP protocol.   This is useful for crossing certain types of firewalls." [as quoted from man fetch].

  2 Responses to “fetch – and how to use it behind a firewall”

  1. I recently improved my firewall rules to block ports for all the unused services on my machine (the standard rc.firewall "simple" configuration with the patch recommended in a problem report I can’t find again). By default, this blocks the ftp-data port from outside the local network.

    FTP clients, including fetch, have a "passive" mode to deal with this. However, if you’re simply typing ‘make’ in a ports directory, the ‘make fetch’ target will fail because it invokes fetch without passive mode. My first solution was to open the ftp-data port in the firewall rules, but I wanted the ‘make fetch’ target to use a passive fetch.

    The answer was to add ‘FETCH_CMD = /usr/bin/fetch -P’ to /etc/make.conf. The name, ‘FETCH_CMD’, is documented in the ports man page, but not where to put it.