Subject: download-vulnerability-list has timeouts on ftp.netbsd.org
To: None <tech-pkg@netbsd.org>
From: Charlie Allom <charlie@rubberduck.com>
List: tech-pkg
Date: 07/28/2002 10:24:12
Some people have had trouble with download-vulnerability-list timing
out at the first '230- ' line, after it logs in.

Jared D. McNeill gave 3 ways to get around the problem: (from his
lips)

First is to add a '-' to the first of your FTP password.
ie
login: ftp
password: -foo@bar.org

Second fix:
map pppoe0 192.168.0.0/24 -> 0/32 proxy port 7070 raudio/tcp mssclamp 1412
map pppoe0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp mssclamp 1412
map pppoe0 192.168.0.0/24 -> 0/32 portmap tcp/udp 40000:60000 mssclamp 1412
map pppoe0 192.168.0.0/24 -> 0/32 mssclamp 1412

Oh, there's a third fix too.
Install squid on your NAT, and 'export ftp_proxy=http://natip:8080'

The mssclamp one is easiest though :)

</Jared>

I don't know the reason I get these timeouts, but I propose a send-pr
that adds to line 9 in /usr/pkg/sbin/download-vulnerability-list, a
VUL_SOURCE="ftp://ftp:-vuln-download@ftp.netbsd.org/ - instead of the
ftp://ftp.netbsd... we have now.

Any explanations why it may occur and whether it's a good idea or not?

  C.
-- 
 charlie@rubberduck.com
 http://rubberduck.com/yeled/pgp.txt