Home » Mailing list archives » openbsd-misc » 2008 » June » 11

Re: pkg_add errors

Previous thread: command history in ksh missed when I set $EDITOR by Tomas Bodzar on Wednesday, June 11, 2008 - 12:57 am. (6 messages)

Next thread: Enabling ipv6 in only one interface by carlopmart on Wednesday, June 11, 2008 - 8:44 am. (3 messages)
[view original message]
From: c l
Subject: pkg_add errors
Date: Wednesday, June 11, 2008 - 8:22 am

Anyone else get this message when doing pkg_add's from ftp sites?

421 There are too many connections from your internet address

I get this on all my openbsd boxes, 4.3 and -current from June 10, 2008.

All of them are behind either a cisco pix or 4.3 -release firewall.

It seems to happen with just about any package that has a few dependencies.



_________________________________________________________________
Search that pays you back! Introducing Live Search cashback.
http://search.live.com/cashback/?&pkw=form=MIJAAF/publ=HMTGL/crea=srchpaysyou
back


[ message continues ]
[view original message]
From: Lars Noodén
Subject: Re: pkg_add errors
Date: Wednesday, June 11, 2008 - 8:30 am

How about using an ftp proxy/cache behind your cisco pix?  It should
speed things up, too.

Regards,
-Lars


[ message continues ]
[view original message]
From: Marc Espie
Subject: Re: pkg_add errors
Date: Wednesday, June 11, 2008 - 4:00 pm

Looks like you have some proxying mechanism which fucks up. It definitely
appears that your ftp client is not terminating client properly, something
eats the connection termination.

As said, if you are behind a nat, you should definitely make sure you have
ftp proxying running, so that the connections are tracked correctly.

Otherwise, use an http mirror, it doesn't have this shortcoming.


[ message continues ]
[view original message]
From: c l
Subject: Re: pkg_add errors
Date: Thursday, June 12, 2008 - 4:57 am

For the boxes behind the 4.3 firewall I made sure of the ftp-proxy setup is in
order.  I also stripped down my pf rules to a bare minimum.  Now when I
pkg_add from ftp.openbsd.org it gets farther along but still throws the "too
many connections" error after a bit.  I tried a different mirror and it worked
fine.  As long as I get it to work from one mirror or another I'll be fine.

Here's some of my config so more eyes can see it...

ftp-proxy is running
proxy    14500  0.0  0.1   540  1000 p3  S+     8:49PM    0:01.27
/usr/sbin/ftp-proxy

stripped down pf rules for testing
ext_if="fxp2"
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $int_if inet proto tcp to port ftp -> \
        127.0.0.1 port 8021
nat on $ext_if from !($ext_if) -> ($ext_if:0)
anchor "ftp-proxy/*"
pass all
_________________________________________________________________
Its easy to add contacts from Facebook and other social sites through Windows
Live Messenger. Learn how.
https://www.invite2messenger.net/im/?source=TXT_EML_WLH_LearnHow


[ message continues ]
Previous thread: command history in ksh missed when I set $EDITOR by Tomas Bodzar on Wednesday, June 11, 2008 - 12:57 am. (6 messages)

Next thread: Enabling ipv6 in only one interface by carlopmart on Wednesday, June 11, 2008 - 8:44 am. (3 messages)