[CentOS] yum through a squid proxy
dmehler26 at woh.rr.com
Thu Jul 19 11:45:21 UTC 2007
Thanks. I tried exporting an http_proxy environment variable, it still
doesn't like the proxy. Adding the options to yum.conf isn't happy either. I
am open to suggestions, what authentication scheme is yum communicating to
the proxy with?
----- Original Message -----
From: "Peter Farrell" <peter.d.farrell at gmail.com>
To: "CentOS mailing list" <centos at centos.org>
Sent: Thursday, July 19, 2007 6:01 AM
Subject: Re: [CentOS] yum through a squid proxy
>I don't see why that setup wouldn't work.
> 1. you've added yourself to the passwd file? (you don't have to be a
> unix user existing in /etc/passwd
> 2. you run the export variable before using yum - or you've added this
> to /etc/profile or your own .bash_profile file as well?
> export http_proxy=http://peter:email@example.com:3128
> echo $http_proxy
> This is my squid.conf (see below) - nothing that I can see that would
> allow / disallow access to an xml file. I run porn filters for my
> network and allow ftp access to only 3 users, and allow windows
> updates for the idiot boxes.
> Testing - stop iptables. If you can access other site through the
> proxy from links / elinks / lynx whatever, then you know it's working
> as it should. Start iptables - try the same test again - if fails then
> enable port 3128 in /etc/sysconfig/iptables
> # squid server for internal
> -A INPUT -i eth1 -p tcp -m tcp --dport 3128 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 3128 -j ACCEPT
> I would look at my yum.conf after confirming the above. Comment out
> everything except one. Run yum again, etc.
> *also - keep in mind that if you have multiple terms open - and you're
> manually exporting the proxy variable - it's a. not persistent and b.
> only valid in the term that you set it in.
> - Good luck.
> -Peter Farrell -
> -Cardiff, Wales
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
> cache_dir ufs /data/squid/cache 2048 16 256
> cache_access_log /var/log/squid/access.log
> cache_log /var/log/squid/cache.log
> cache_store_log /var/log/squid/store.log
> auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
> auth_param basic children 5
> auth_param basic realm Internet Access
> auth_param basic credentialsttl 2 hours
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> acl ftp_allow proxy_auth_regex martin
> acl ftp_allow proxy_auth_regex peter
> acl ftp_allow proxy_auth_regex bhanu
> acl all src 0.0.0.0/0.0.0.0
> acl winupdate dstdomain .microsoft.com .windowsupdate.com
> acl ftp proto FTP
> acl ssl_ports port 443 # https
> acl safe_ports port 80 1863 8888 443 # http, https
> acl CONNECT method CONNECT
> acl example dst 126.96.36.199/255.255.255.0
> acl porn url_regex "/etc/squid/porn"
> acl porn1 url_regex "/etc/squid/porn1"
> acl porn2 url_regex "/etc/squid/porn2"
> acl everyone proxy_auth REQUIRED
> http_access allow winupdate
> http_access allow example
> http_access allow ftp_allow
> http_access deny ftp
> http_access deny !safe_ports
> http_access deny CONNECT !ssl_ports
> http_access deny porn
> http_access deny porn1
> http_access deny porn2
> http_access allow everyone
> http_access deny all
> always_direct allow example
> always_direct allow winupdate
> no_cache deny example
> no_cache deny winupdate
> http_access deny all
> http_reply_access allow all
> icp_access allow all
> cache_mgr sysadmin at example.com
> cache_effective_user squid
> visible_hostname pollux.example.com
> unique_hostname pollux
> logfile_rotate 10
> coredump_dir /var/log/squid/cache
> On 19/07/07, Dave <dmehler26 at woh.rr.com> wrote:
>> I've got a centos5 box that is now behind a what was transparent
>> proxy. The proxy now has it's own dedicated ip and uses proxy basic
>> authentication. I've got a firewall that redirects all outgoing port 80
>> traffic to that ip so anyone wishing access goes proxied. The problem is
>> on my centos5 can't retrieve the .xml files for the various yum
>> repositories. In the squid access.log on the router i'm seeing invalid
>> request method. This means that the box isn't yet talking proxy and is
>> trying to go through direct. To my yum.conf file i added lines similar to
>> # The proxy server - proxy server:port number
>> # The account details for yum connections
>> I tried port 80 on that proxy line with the same results. Telneting to
>> ip/port works fine, iptables isn't blocking it. On the firewall i added
>> yum-user to the password file and used squid's ncsa_auth program to
>> the username/password combination, output was a simple "ok". On the
>> box i did a service network restart, which didn't work, yum update gave
>> the same error.
>> Any suggestions welcome.
>> CentOS mailing list
>> CentOS at centos.org
> CentOS mailing list
> CentOS at centos.org
More information about the CentOS