Jan 041999
fetch – and how to use it behind a firewall
fetch allows you to retrieve a file by supplying a URL (Uniform Resource Locator). It is very useful and powerful tool. It effectively automates an anonymous FTP session.If you get the following message when you use fetch, then I suspect you are behind a firewall:
su-2.02# fetch ftp://<somefilename> fetch: ftp://<somefilename>: FTP error: fetch: Can't open data connection su-2.02#
If you are behind a firewall, you might want to try the -P option on the command line. This will force fetch to "use the passive mode of the FTP protocol. This is useful for crossing certain types of firewalls." [as quoted from man fetch].
I recently improved my firewall rules to block ports for all the unused services on my machine (the standard rc.firewall "simple" configuration with the patch recommended in a problem report I can’t find again). By default, this blocks the ftp-data port from outside the local network.
FTP clients, including fetch, have a "passive" mode to deal with this. However, if you’re simply typing ‘make’ in a ports directory, the ‘make fetch’ target will fail because it invokes fetch without passive mode. My first solution was to open the ftp-data port in the firewall rules, but I wanted the ‘make fetch’ target to use a passive fetch.
The answer was to add ‘FETCH_CMD = /usr/bin/fetch -P’ to /etc/make.conf. The name, ‘FETCH_CMD’, is documented in the ports man page, but not where to put it.
Perfect Thank you