On Sun, May 30, 2010 at 4:26 AM, Casey Allen Shobe <ca...@shobe.info> wrote:
> I also upgraded my home machine (on a public IP) from 4.6 to 4.7 and did > not run into the same problems. I can also try a fresh install of 4.7 on > the work network - it won't take long. I'll also do a fresh install of 4.6, > to verify that it is something that changed in the release, rather than a > network- or machine-specific issue. > Alright, glad I tested this out, because I was wrong about this being a problem that showed up in 4.7 - it is the same in 4.6. I had PKG_PATH set in a .profile on every machine and was using HTTP before - didn't pay attention when I replaced it with a new FTP URL I guess, because I thought I was using FTP before...backups proved me wrong though. Sorry about mistaking the old path, but I guess it's good because had I not thought it to be a regression, I probably wouldn't have looked into it. The rest of the diagnosis should be sound though, I think. On Sun, May 30, 2010 at 8:34 AM, Stuart Henderson <s...@spacehopper.org>wrote: > [ reply-to set, please honour it (or change it to tech@), don't > crosspost between misc and tech. ] > Alright, will do - sorry, new to these mailing lists... > On the one hand it's useful to know that the network connection is > broken, but that's about the only advantage I can see, on the other > hand if you're actually trying to fetch files (especially from a > *server* behind a broken nat device that's not under your control) > it's a real pain. > Well, to play devil's advocate a bit, these aren't really servers except in the X11 sense - they're administrative workstations. But one thing I'd like to point out is that the NAT is not actually broken - it just doesn't take RFC2428 into consideration, which is pretty reasonable since that RFC came out in late 1998 and the NAT device we have I think came out the same year, or perhaps the next one. That's also two years after they originally predicted IPv6 becoming widely-used, heh... I'd happily replace it with an OpenBSD machine, but the powers that be won't have that (I work for an international non-profit with control issues that compliments their lack of actual security and best practices nicely). Our site is fine as we operate mostly-independently, but dealing with anyone up the chain is a horrendous experience best avoided. They also spent the money for a lifetime support option, so we *could*, for free, upgrade the software to be much newer and surely supporting EPSV/EPRT, but we don't have access to do that. Yet, that money wasted years ago is excuse for us to never replace the thing unless it sustains hardware failure. I'd be readying my bat...but our nonexistent recovery plan keeps me leery... ;) We mirror distfiles for some ports because of this... > I'll be setting up a local mirror once time/bandwidth allow for it, which should be within the week. :) -- Casey Allen Shobe ca...@shobe.info
