You can always use a transparent proxy if you want inetnet access, but don't want all ports with direct access outbound... P. Bryan J. Smith wrote: >Les Mikesell <lesmikesell at gmail.com> wrote: > > >>There are places where you might want to hand-configure >>IP addresses too, but DHCP is a lot handier. >> >> > >So what's the difference between configuring your system to >use DHCP and configuring your system to use a proxy? I >honestly don't get it. @-o > > > >>How is that a solution? Proxies are used where you don't >>allow direct outbound access. How do you do ftp without >>configuring a proxy on every client? >> >> > >The question is, why aren't you configuring software for a >proxy in the first place? You do it once ... done.| > > > >>How do you propose this should work without per-box >>configuration? >> >> > >Why don't you just configure it at install-time, like >everything else? Again, I don't understand how this is >different than anything else you configure at install-time. > >Furthermore, we're back to the "how to you change anything on >all systems when you need to?" Don't you have some sort of >configuration management of all your Linux systems? >Something that can redistribute system changes to all >systems? > >This has nothing to do with YUM. > > > >>OK - ftp breaks when you NAT it too - sometimes. >> >> > >I'm not talking about just FTP, I'm talking about HTTP too. >HTTP can and _does_ break because it's a stream protocol that >carries a lot of rich service data over it. Some of those >rich service data streams don't take kindly to transparent >proxies. > >[ As a side note, I mentioned that HTTP-based repositories >should use WebDAV services instead. Because WebDAV adds file >management to the protocol. ] > > > >>Of what? >> >> > >Of the CentOS repository. > > > >>Yes, just mirror the whole internet locally - or at least >>all yummable repositories... >> >> > >Of the packages you use, yes. Take some load off the CentOS >mirrors if you have enough systems. > > > >>And all of the fedora repositories, and all the 3rd party >>add on repositories, and the k12ltsp variations, and the >>ubuntu/debian apt repositories. >> >> > >Yes! Once you have the first sync, it is not much to >download a day. In fact, if you're about conserving the >bandwidth you use for updates, hell yes! If your point is >that you have all those repositories to sync from and that is >a "burden," then my counter-point is "Exactly! You're >yanking from all those different repositories from _multiple_ >systems already -- so why not just do it from _one_?" ;-> > >When you have a number of systems, there is _no_negative_ to >this, other than having the disk space required! APT And YUM >repositories are "dumb" FTP/HTTP stores. rsync down and >serve. Save your bandwidth and save your headaches. > > > >>It doesn't make sense to cache things unless at least one >>person uses it. >> >> > >Now I'm really confused. If you're not using a repository, >then do _not_ mirror it. I don't understand that point you >just made. Or are you adding yet more unrelated items just >to make a point? > > > >>The point of the internet is that you can get the latest >>when you need it, and the point of a cache is that only one >>person has to wait. >> >> > >We're talking about software repositories. If you are >pulling multiple files from multiple systems, mirror it. >These aren't some arbitrary web sites, they are known >repositories. > >If you have enough systems, you should be doing this anyway >-- out of sheer configuration management principles. You >don't want people grabbing arbitrary software on a mass >number of systems, but only what you allow from your own >repositories. > >If you don't have a lot of systems, then take the few seconds >to add the proxy line during install -- or make it part of >your Kickstart post-install script, etc... (whatever you >normally do at install-time). > > > >>Yes, CentOS is as much a victim as the other distros on >>this point. >> >> > >I just don't know what you expect CentOS to solve. > > > >