wget fails to accept 5 digit port numbers in epsv responses (at least for ipv6). https://www.marshut.net/kuurst/wget-doesn-t-handle-5-digit-port-numbers-in-epsv-reponses.html already fixed at: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=5e3a76073157510b1040578e70cb1234759a730f Ran into this when trying to: wget ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-0.8.2.tar.bz2 Machine in question has both global ipv6 and nat'ted ipv4. --2015-01-09 15:46:53-- ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-0.8.0.tar.gz => ‘ipsec-tools-0.8.0.tar.gz’ Resolving ftp.netbsd.org (ftp.netbsd.org)... 2001:470:1f05:3d::21, 199.233.217.249 Connecting to ftp.netbsd.org (ftp.netbsd.org)|2001:470:1f05:3d::21|:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD (1) /pub/NetBSD/misc/ipsec-tools/0.8 ... done. ==> SIZE ipsec-tools-0.8.0.tar.gz ... 1057292 ==> EPSV ... Cannot parse PASV response. ==> EPRT ... done. ==> RETR ipsec-tools-0.8.0.tar.gz ... Error in server response, closing control connection. Retrying. tcpdump shows problem is "Entering Extended Passive Mode (|||63323|)" response, which is valid, failing to parse. The fall back to EPRT fails because of local-to-machine firewall. Curiously wget -4 succeeds. (it is perhaps a separate bug that it doesn't automatically fall back to ipv4).
Oh, IPv4 succeeds because it uses 'PASV' not 'EPSV' -2015-01-09 16:08:47-- ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-0.8.2.tar.bz2 => ‘ipsec-tools-0.8.2.tar.bz2’ Resolving ftp.netbsd.org (ftp.netbsd.org)... 199.233.217.249 Connecting to ftp.netbsd.org (ftp.netbsd.org)|199.233.217.249|:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD (1) /pub/NetBSD/misc/ipsec-tools/0.8 ... done. ==> SIZE ipsec-tools-0.8.2.tar.bz2 ... 866465 ==> PASV ... done. ==> RETR ipsec-tools-0.8.2.tar.bz2 ... done. Length: 866465 (846K) (unauthoritative) ipsec-tools-0.8.2.t 100%[=====================>] 846.16K 1.05MB/s in 0.8s 2015-01-09 16:08:48 (1.05 MB/s) - ‘ipsec-tools-0.8.2.tar.bz2’ saved [866465]
wget-1.16.1-3.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/wget-1.16.1-3.fc21
Package wget-1.16.1-3.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing wget-1.16.1-3.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-0614/wget-1.16.1-3.fc21 then log in and leave karma (feedback).
Ack, works. 0x0040: 0000 0017 1a26 442f 3232 3920 456e 7465 .....&D/229.Ente 0x0050: 7269 6e67 2045 7874 656e 6465 6420 5061 ring.Extended.Pa 0x0060: 7373 6976 6520 4d6f 6465 2028 7c7c 7c35 ssive.Mode.(|||5 0x0070: 3830 3337 7c29 0d0a 8037|). [root@eonwe tmp]# wget ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-0.8.2.tar.bz2 --2015-01-14 09:05:48-- ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-0.8.2.tar.bz2 => ‘ipsec-tools-0.8.2.tar.bz2.4’ Resolving ftp.netbsd.org (ftp.netbsd.org)... 2001:470:a085:999::21, 199.233.217.226 Connecting to ftp.netbsd.org (ftp.netbsd.org)|2001:470:a085:999::21|:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD (1) /pub/NetBSD/misc/ipsec-tools/0.8 ... done. ==> SIZE ipsec-tools-0.8.2.tar.bz2 ... 866465 ==> EPSV ... done. ==> RETR ipsec-tools-0.8.2.tar.bz2 ... done. Length: 866465 (846K) (unauthoritative) ipsec-tools-0.8.2.t 100%[=====================>] 846.16K 680KB/s in 1.2s 2015-01-14 09:06:01 (680 KB/s) - ‘ipsec-tools-0.8.2.tar.bz2.4’ saved [866465]
wget-1.16.1-3.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.