[Yum] yum and firewalls again

Troy Dawson dawson at fnal.gov
Thu May 1 16:28:18 UTC 2003


Hi Mike and Seth,
Thank you very very much for helping with this.
Mikes final resolution fixed it (or should I say bypassed the problem)

Just incase you are curious, I'll tell what worked.
The machine is running Fermi Linux 7.3.1 (RedHat 7.3), it had the latest 1.0 
yum daily, which has urlgrabber in it.  It is behind a firewall that doesn't 
allow active ftp.

Michael Stenner wrote:
> On Wed, Apr 30, 2003 at 12:55:16PM -0500, Troy Dawson wrote:
> 
>>Hi Mike and Seth,
>>With the latest 1.0 daily that has urlgrabber, we've been able to do 
>>some tests.
>>So on the machine behind the firewall we get
>>
>>  python urlgrabber.py ftp://server.com/path/to/file local_copy
>>    <hangs>
>>  pythons2 urlgrabber.py ftp://server.com/path/to/file local_copy
>>    <suceeds>
> 
> 
> OK.  I'm pretty sure this is the problem:
> 
> python 1.5's ftplib defaults to active ftp, with no easy way to change
> it via the urllib interface.  
> 
> To verify that this is the problem, do this:
> 
> python /usr/lib/python1.5/ftplib.py server.com path/to/file > localfile

hangs - as suspected

> python /usr/lib/python1.5/ftplib.py server.com -p path/to/file > localfile

works - as suspected

> 
> The -p in the second one puts it in passive mode.  If the first fails
> but the second succeeds, then my suspicion is confirmed.
> 
> I would recommend that you set up your firewall to allow active ftp.
> 
> I'd like to fix it, but I REALLY don't think it's worth the extra
> complexity for the triple-special-case of yum-1 via ftp behind a
> firewall.
> 
> A quick and dirty fix if you must:  grab /usr/lib/python1.5/ftplib.py,
> change "self.passiveserver = 0" to "self.passiveserver = 1", and put
> the modified version in /usr/lib/yum/.  I haven't tested this, but it
> should work.
> 

copied /usr/lib/python1.5/ftplib.py to /usr/share/yum
edited file as said above
Tried it.
It worked.

> If someone finds a clean way to fix it, I'd be happy to see it.
> 

This seems clean enough for me.  Since here this is definatly the exception 
and not the rule, this is good enough for us.

> 				-Michael
> 

Thanks Again,
Troy
-- 
__________________________________________________
Troy Dawson  dawson at fnal.gov  (630)840-6468
Fermilab  ComputingDivision/OSS  CSI Group
__________________________________________________




More information about the Yum mailing list