# FreeBSD FTP: Permission denied



## micski (Nov 18, 2014)

I am trying to install the sources on a remote virtual machine. However, I am confused, that the system is dealing with permission issues. The error is the same, whether using command line oneliner - or logging in manually and getting the file. There is no firewall restrictions for outbound traffic.


```
[CMD]$ ftp ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/10.1-RELEASE/src.txz[/CMD]
Trying 193.162.146.4:21 ...
Connected to ftp.geo.freebsd.org.
220 beastie.tdk.net FTP server (Version 6.00LS) ready.
331 Guest login ok, send your email address as password.
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Type set to I.
250 CWD command successful.
250 CWD command successful.
250 CWD command successful.
250 CWD command successful.
250 CWD command successful.
250 CWD command successful.
local: src.txz remote: src.txz
ftp: Can't access `src.txz': Permission denied
221 Goodbye.
```

I initially tried the SubVersion method. However, after hours and error halts, I thought, I might go for a direct download and extract method instead. This is also recommended by RootBSD.


----------



## micski (Nov 19, 2014)

For what it is worth, the problem could be solved by manually allowing inbound traffic from ftp.freebsd.org. I assumed, that the outbound initiation would allow this in todays firewalls.


----------



## SirDice (Nov 19, 2014)

micski said:


> For what it is worth, the problem could be solved by manually allowing inbound traffic from ftp.freebsd.org. I assumed, that the outbound initiation would allow this in todays firewalls.


Active FTP vs. Passive FTP, a Definitive Explanation


----------



## kpa (Nov 19, 2014)

You should set FTP_MODE to passive in your environment so that ftp(1) uses the passive mode by default. The command line option -p also forces passive mode. Active mode FTP is a horribly broken protocol and should be avoided if possible.

Unfortunately none of the firewalls in FreeBSD understand the concept of related traffic like IPFilter in Linux does so the automatic passtrough of active mode FTP is not possible without using a proxy such as the built-in ftp-proxy(8).


----------



## SirDice (Nov 19, 2014)

kpa said:


> Unfortunately none of the firewalls in FreeBSD understand the concept of related traffic like IPFilter in Linux does so the automatic passtrough of active mode FTP is not possible without using a proxy such as the built-in ftp-proxy(8).


Iptables doesn't understand it either, at least not without additional modules like conntrack_ftp


----------



## kpa (Nov 19, 2014)

SirDice said:


> Iptables doesn't understand it either, at least not without additional modules like conntrack_ftp



Yeah but that's a kernel level addition unlike on FreeBSD where you need a user space daemon to handle the proxying.


----------

