[CentOS] yum through a squid proxy

Peter Farrell peter.d.farrell at gmail.com
Thu Jul 19 10:01:07 UTC 2007


I don't see why that setup wouldn't work.
1. you've added yourself to the passwd file? (you don't have to be a
unix user existing in /etc/passwd)
2. you run the export variable before using yum - or you've added this
to /etc/profile or your own .bash_profile file as well?

export http_proxy=http://peter:password@192.168.25.25:3128
echo $http_proxy
http://peter:password@192.168.25.25:3128

This is my squid.conf (see below) - nothing that I can see that would
allow / disallow access to an xml file. I run porn filters for my
network and allow ftp access to only 3 users, and allow windows
updates for the idiot boxes.

Testing - stop iptables. If you can access other sites through the
proxy from links / elinks / lynx whatever, then you know it's working
as it should. Start iptables - try the same test again - if it fails then
enable port 3128 in /etc/sysconfig/iptables

# squid server for internal
-A INPUT -i eth1 -p tcp -m tcp --dport 3128 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 3128 -j ACCEPT

I would look at my yum.conf after confirming the above. Comment out
everything except one. Run yum again, etc.

*also - keep in mind that if you have multiple terms open - and you're
manually exporting the proxy variable - it's a. not persistent and b.
only valid in the term that you set it in.

- Good luck.
-Peter Farrell -
-Cardiff, Wales
===========================
SQUID.CONF
===========================
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /data/squid/cache 2048 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Internet Access
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl ftp_allow proxy_auth_regex martin
acl ftp_allow proxy_auth_regex peter
acl ftp_allow proxy_auth_regex bhanu
acl all src 0.0.0.0/0.0.0.0
acl winupdate dstdomain .microsoft.com .windowsupdate.com
acl ftp proto FTP
acl ssl_ports port 443      # https
acl safe_ports port 80 1863 8888 443  # http, https
acl CONNECT method CONNECT
acl example dst 21.21.21.0/255.255.255.0
acl porn url_regex "/etc/squid/porn"
acl porn1 url_regex "/etc/squid/porn1"
acl porn2 url_regex "/etc/squid/porn2"
acl everyone proxy_auth REQUIRED
http_access allow winupdate
http_access allow example
http_access allow ftp_allow
http_access deny ftp
http_access deny !safe_ports
http_access deny CONNECT !ssl_ports
http_access deny porn
http_access deny porn1
http_access deny porn2
http_access allow everyone
http_access deny all
always_direct allow example
always_direct allow winupdate
no_cache deny example
no_cache deny winupdate
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr sysadmin@example.com
cache_effective_user squid
visible_hostname pollux.example.com
unique_hostname pollux
logfile_rotate 10
coredump_dir /var/log/squid/cache
===========================

On 19/07/07, Dave <dmehler26 at woh.rr.com> wrote:
> Hello,
>     I've got a centos5 box that is now behind what was a transparent squid
> proxy. The proxy now has its own dedicated ip and uses proxy basic
> authentication. I've got a firewall that redirects all outgoing port 80
> traffic to that ip so anyone wishing access goes proxied. The problem is yum
> on my centos5 can't retrieve the .xml files for the various yum
> repositories. In the squid access.log on the router I'm seeing invalid
> request method. This means that the box isn't yet talking proxy and is still
> trying to go through direct. To my yum.conf file I added lines similar to
> these:
>
> # The proxy server - proxy server:port number
> proxy=http://mycache.mydomain.com:3128
> # The account details for yum connections
> proxy_username=yum-user
> proxy_password=qwerty
>
> I tried port 80 on that proxy line with the same results. Telnetting to that
> ip/port works fine, iptables isn't blocking it. On the firewall I added the
> yum-user to the password file and used squid's ncsa_auth program to confirm
> the username/password combination, output was a simple "ok". On the centos5
> box I did a service network restart, which didn't work, yum update gave me
> the same error.
>     Any suggestions welcome.
>     Thanks.
> Dave.
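Added example (not part of the original post or of Squid itself): a small Python model of how the http_access list in the squid.conf posted above is walked top to bottom, first match wins, to see which rule decides a yum-style request. It covers only the ACL types in that config; the request dictionaries, the host names mirror.example.org and download.windowsupdate.com, and the assumption that any supplied credentials validate are constructed for illustration.

```python
import re
# Constructed subset of the squid.conf above; rule order is unchanged.
CONF = """
acl ftp_allow proxy_auth_regex peter
acl all src 0.0.0.0/0.0.0.0
acl winupdate dstdomain .microsoft.com .windowsupdate.com
acl ftp proto FTP
acl ssl_ports port 443
acl safe_ports port 80 1863 8888 443
acl CONNECT method CONNECT
acl everyone proxy_auth REQUIRED
http_access allow winupdate
http_access allow ftp_allow
http_access deny ftp
http_access deny !safe_ports
http_access deny CONNECT !ssl_ports
http_access allow everyone
http_access deny all
"""

def parse(conf):
    acls, rules = {}, []
    for f in (line.split() for line in conf.splitlines()):
        if f[:1] == ["acl"]:
            acls.setdefault(f[1], []).append((f[2], f[3:]))  # repeated name = OR
        elif f[:1] == ["http_access"]:
            rules.append((f[1], f[2:]))
    return acls, rules

def match(kind, vals, req):
    if kind == "proxy_auth_regex":
        return any(re.search(v, req["user"]) for v in vals)
    if kind == "dstdomain":  # values here all start with "." (domain + subdomains)
        return any(("." + req["host"]).endswith(v) for v in vals)
    return {"src": True, "proxy_auth": True,  # assumption: supplied credentials are valid
            "proto": req["proto"] in vals, "port": str(req["port"]) in vals,
            "method": req["method"] in vals}[kind]

def decide(req, conf=CONF):
    acls, rules = parse(conf)
    for n, (action, names) in enumerate(rules, 1):
        for name in names:  # ACLs on one http_access line are ANDed
            entries = acls[name.lstrip("!")]
            if req["user"] is None and any(k.startswith("proxy_auth") for k, _ in entries):
                return "407", n  # auth ACL reached with no credentials: challenge
            if any(match(k, v, req) for k, v in entries) == name.startswith("!"):
                break  # this ACL failed, so the rule does not apply
        else:
            return action, n
    return "no match", None
```

`decide()` returns the outcome and the 1-based number of the http_access line that produced it; a "407" result means the client has to retry with a Proxy-Authorization header.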