Bug 58880 - 'emerge -g' only uses passive ftp
Summary: 'emerge -g' only uses passive ftp
Status: RESOLVED FIXED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Core
Hardware: All Linux
Importance: High normal
Assignee: Portage team
Keywords: InVCS
Reported: 2004-07-30 04:08 UTC by Gudleik Rasch
Modified: 2004-10-22 08:47 UTC

Description Gudleik Rasch 2004-07-30 04:08:40 UTC
When fetching binary packages using emerge -g, the ftp session will only use Passive FTP and not Active FTP.
In many situations passive mode is not possible due to firewall restrictions.

On line 121 in /usr/lib/portage/pym/getbinpkg.py the ftp session is instructed to use passive mode: 
  conn.set_pasv(1)

Could it be possible to make this configurable?
Or perhaps better, use FETCHCOMMAND setting from /etc/make.conf for fetching binaries?

My portage version is: sys-apps/portage-2.0.50-r9

Reproducible: Always
Steps to Reproduce:
1. Make sure you're behind a firewall with no passive ftp allowed
2. Set up PORTAGE_BINHOST in /etc/make.conf to point to an ftp server with binary packages
3. emerge -G sys-apps/portage


Actual Results:  
Fetching binary packages info...
 * No password provided for username 'anonymous'

Loaded metadata pickle.
!!! Failed to get all metadata:
    (113, 'No route to host')

Expected Results:  
Fetch the binary package and install it

# emerge info
Portage 2.0.50-r9 (default-x86-2004.2, gcc-3.3.3, glibc-2.3.3.20040420-r0,
2.4.25-gentoo)
=================================================================
System uname: 2.4.25-gentoo i686 Intel(R) Xeon(TM) CPU 1.80GHz
Gentoo Base System version 1.4.16
Autoconf: sys-devel/autoconf-2.59-r4
Automake: sys-devel/automake-1.8.3
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=pentium4 -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=pentium4 -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="ftp://portage.nhn.no"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.nhn.no/gentoo-portage"
USE="acpi berkdb crypt cups encode foomaticdb freetype gdbm gif gpm jpeg ldap
libg++ libwww maildir mpeg ncurses nls pam pdflib perl png python readline slang
snmp spell ssl tcpd truetype x86 xml2 zlib"
Comment 1 Nicholas Jones (RETIRED) gentoo-dev 2004-07-31 16:59:25 UTC
Why disable passive FTP? Isn't that the exact opposite direction you
take when enacting a firewall? Passive uses only outbound connections
but active establishes a connection back, no? Please correct me if I
am wrong.

This can be worked on as a configurable option, but might take a bit.
Comment 2 Gudleik Rasch 2004-08-04 00:38:40 UTC
In passive mode the server will open a random data port which the client will connect to. 
While in active mode, it is the client that opens a random data port which the server connects to.

In my case I have a server on the DMZ which needs to fetch binaries from an ftp server on the LAN. Because the firewall will deny incoming connections to the LAN, I must use active ftp.

I haven't looked into the portage code too much yet, but to me it seems as if there are two options:
 a) create a new variable in /etc/make.conf (FTP_PASSIVE) and use something like
 conn.set_pasv(mysettings["FTP_PASSIVE"]) in getbinpkg.py (quick hack)

 b) use the command stored in FETCHCOMMAND or FETCHCOMMAND_BIN. (best option, then people could use scp if they really wanted to)
Comment 3 Nicholas Jones (RETIRED) gentoo-dev 2004-08-04 20:27:29 UTC
I did just notice that the error said 'No route to host' which probably
indicates that your name resolution for your server is wrong or the
interface is unreachable due to routing restraints.

You have an interesting setup. For a while I was thinking you were
connecting in the opposite direction which is a lot more common with
users.

In portage-2.0.51_pre16, I have added a modifier for the hostname.
If the last character of the hostname is a '*', then it will use an
active connection.

ftp://[user[:pass]@]host[:port][*]/[path...]
ftp://myuser:mypass@binarypackages.com:51*/some/path
ftp://binarypackages.com*/some/path
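
The host modifier described in Comment 3, as an added example that is not part of the bug thread or Portage's own code: a parser for that URL form in which a trailing `*` on the host part is the only thing that switches the session to active mode. The names `BinHost`, `parse_binhost` and `open_binhost` are hypothetical, the defaults (anonymous user, port 21) are assumptions, and IPv6 literals are not handled.

```python
import ftplib
from typing import NamedTuple


class BinHost(NamedTuple):
    user: str
    password: str
    host: str
    port: int
    passive: bool  # False only when the host[:port] part ends in '*'
    path: str


def parse_binhost(url: str) -> BinHost:
    """Parse ftp://[user[:pass]@]host[:port][*]/[path...] (hypothetical helper)."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() != "ftp":
        raise ValueError("expected an ftp:// URL")
    netloc, _, path = rest.partition("/")
    # Only the last '@' separates credentials from the host, so a '*'
    # inside the password is never read as the mode flag.
    userinfo, at, hostport = netloc.rpartition("@")
    user, _, password = userinfo.partition(":") if at else ("anonymous", "", "")
    # The modifier is the final character of host[:port] only; a '*' in
    # the path leaves the session in passive mode.
    passive = not hostport.endswith("*")
    if not passive:
        hostport = hostport[:-1]
    host, colon, port_text = hostport.partition(":")
    port = int(port_text) if colon else 21  # non-numeric port raises ValueError
    if not host or "*" in host or not 0 < port < 65536:
        raise ValueError("bad host or port in %r" % url)
    return BinHost(user, password, host, port, passive, "/" + path)


def open_binhost(url: str, timeout: float = 30.0) -> ftplib.FTP:
    """Connect using the transfer mode the URL asks for (passive by default)."""
    target = parse_binhost(url)
    conn = ftplib.FTP()
    conn.connect(target.host, target.port, timeout)
    conn.login(target.user, target.password)
    # Active mode makes the server connect back to a port on this client,
    # so it stays opt-in per binhost URL instead of a global default.
    conn.set_pasv(target.passive)
    return conn
```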
Comment 4 Nicholas Jones (RETIRED) gentoo-dev 2004-10-22 08:47:54 UTC
Bug has been fixed and released in stable portages on or before 2.0.51-r2