Actually this is more of a suggestion than bug but here it
RPM seens to always use passive FTP. There are some
firewall implementations (we have one; I think it's based on
tis fwtk proxy package on freebsd) where passive FTP does
_NOT_ work with otherwise correct ftp proxy settings -
active mode is required. This might be the case with other
I'd like to see an option like --ftp-active or something
done. As it is, we can't do Redhat FTP installs or
updates w/ RPM now.
Created attachment 858 [details]
Preliminary patch for RPM-4.0.
Some more rationale:
- TIS FWTK can't cope with passive FTP (if you get it to work, please
tell me how ;) -- this is probably a problem with many other real proxy
firewalls with DMZ's too.
- Some Stateful firewalls can create dynamic access lists for active
mode, but don't support passive (and thus active mode is more secure)
- Some FTP servers have passive FTP mode disabled (usually tied to below)
- Some FTP servers are behind a restrictive packet filtering firewall
which allows only active FTP (this can create a situation where client
firewall/program only allows one mode, the server firewall the other).
This feature request is not being considered for current RPM development, users
are encouraged to use dependency solvers which have better handling of remote
package fetching than rpm cli.
To petition this feature into upstream rpm please use the rpm-devel list: