Bug 4345

Summary: [PATCH]: Active FTP mode for RPM.
Product: [Retired] Red Hat Linux Reporter: Pekka Savola <pekkas>
Component: rpmAssignee: Paul Nasrat <nobody+pnasrat>
Status: CLOSED UPSTREAM QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 7.1CC: aleksey
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-09-29 14:54:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Preliminary patch for RPM-4.0. none

Description Pekka Savola 1999-08-04 08:24:01 UTC 
Actually this is more of a suggestion than bug but here it
comes..

RPM seens to always use passive FTP.  There are some
firewall implementations (we have one; I think it's based on
tis fwtk proxy package on freebsd) where passive FTP does
_NOT_ work with otherwise correct ftp proxy settings -
active mode is required.  This might be the case with other
proxy-firewalls too.

I'd like to see an option like --ftp-active or something
done.  As it is, we can't do Redhat FTP installs or
updates w/ RPM now.
Comment 1 Pekka Savola 2000-07-04 10:22:36 UTC 
Created attachment 858 [details]
Preliminary patch for RPM-4.0.
Comment 2 Pekka Savola 2000-07-15 20:00:54 UTC 
Some more rationale:

 - TIS FWTK can't cope with passive FTP (if you get it to work, please
tell me how ;) -- this is probably a problem with many other real proxy
firewalls with DMZ's too.
 - Some Stateful firewalls can create dynamic access lists for active
mode, but don't support passive (and thus active mode is more secure)
 - Some FTP servers have passive FTP mode disabled (usually tied to below)
 - Some FTP servers are behind a restrictive packet filtering firewall
which allows only active FTP (this can create a situation where client
firewall/program only allows one mode, the server firewall the other).
Comment 3 Paul Nasrat 2005-09-29 14:54:10 UTC 
This feature request is not being considered for current RPM development, users
are encouraged to use dependency solvers which have better handling of remote
package fetching than rpm cli.

To petition this feature into upstream rpm please use the rpm-devel list:

https://lists.dulug.duke.edu/mailman/listinfo/rpm-devel