[CentOS] yum through a squid proxy
peter.d.farrell at gmail.com
Thu Jul 19 10:01:07 UTC 2007
I don't see why that setup wouldn't work.

1. you've added yourself to the passwd file? (you don't have to be a
unix user existing in /etc/passwd)
2. you run the export variable before using yum - or you've added this
to /etc/profile or your own .bash_profile file as well?

This is my squid.conf (see below) - nothing that I can see that would
allow / disallow access to an xml file. I run porn filters for my
network and allow ftp access to only 3 users, and allow windows
updates for the idiot boxes.

Testing - stop iptables. If you can access other sites through the
proxy from links / elinks / lynx whatever, then you know it's working
as it should. Start iptables - try the same test again - if it fails then
enable port 3128 in /etc/sysconfig/iptables:

# squid server for internal
-A INPUT -i eth1 -p tcp -m tcp --dport 3128 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 3128 -j ACCEPT

I would look at my yum.conf after confirming the above. Comment out
everything except one. Run yum again, etc.

*also - keep in mind that if you have multiple terms open - and you're
manually exporting the proxy variable - it's a. not persistent and b.
only valid in the term that you set it in.

- Good luck.
-Peter Farrell -

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /data/squid/cache 2048 16 256
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Internet Access
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl ftp_allow proxy_auth_regex martin
acl ftp_allow proxy_auth_regex peter
acl ftp_allow proxy_auth_regex bhanu
acl all src 0.0.0.0/0.0.0.0
acl winupdate dstdomain .microsoft.com .windowsupdate.com
acl ftp proto FTP
acl ssl_ports port 443 # https
acl safe_ports port 80 1863 8888 443 # http, https
acl CONNECT method CONNECT
acl example dst 22.214.171.124/255.255.255.0
acl porn url_regex "/etc/squid/porn"
acl porn1 url_regex "/etc/squid/porn1"
acl porn2 url_regex "/etc/squid/porn2"
acl everyone proxy_auth REQUIRED
http_access allow winupdate
http_access allow example
http_access allow ftp_allow
http_access deny ftp
http_access deny !safe_ports
http_access deny CONNECT !ssl_ports
http_access deny porn
http_access deny porn1
http_access deny porn2
http_access allow everyone
http_access deny all
always_direct allow example
always_direct allow winupdate
no_cache deny example
no_cache deny winupdate
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr sysadmin@example.com

On 19/07/07, Dave <dmehler26 at woh.rr.com> wrote:
> I've got a centos5 box that is now behind what was a transparent squid
> proxy. The proxy now has its own dedicated ip and uses proxy basic
> authentication. I've got a firewall that redirects all outgoing port 80
> traffic to that ip so anyone wishing access goes proxied. The problem is yum
> on my centos5 can't retrieve the .xml files for the various yum
> repositories. In the squid access.log on the router I'm seeing invalid
> request method. This means that the box isn't yet talking proxy and is still
> trying to go through direct. To my yum.conf file I added lines similar to
> # The proxy server - proxy server:port number
> # The account details for yum connections
> I tried port 80 on that proxy line with the same results. Telnetting to that
> ip/port works fine, iptables isn't blocking it. On the firewall I added the
> yum-user to the password file and used squid's ncsa_auth program to confirm
> the username/password combination, output was a simple "ok". On the centos5
> box I did a service network restart, which didn't work, yum update gave me
> the same error.
> Any suggestions welcome.
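
Added example, not part of either message: a Python check that walks the client-side points raised in this thread (proxy line in yum.conf versus an exported http_proxy, the port, the credentials Squid's basic auth expects) and also flags a proxy_password kept in a world-readable file. The function name, the sample hostname and the sample password are constructed; the default port 3128 is an assumption taken from the iptables rule in the reply.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample, not from the thread: hostname and password are placeholders.
SAMPLE_YUM_CONF = """\
[main]
cachedir=/var/cache/yum
proxy=http://proxy.example.internal:80
proxy_username=yum-user
proxy_password=constructed-secret
"""

def audit_yum_proxy(conf_text, env, file_mode, squid_port=3128):
    """Return findings for a yum client behind an authenticating Squid."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)          # interpolation off: '%' is legal in a password
    main = cp["main"] if cp.has_section("main") else {}
    findings = []

    proxy, source = main.get("proxy", "").strip(), "yum.conf"
    if not proxy:
        proxy, source = env.get("http_proxy", "").strip(), "http_proxy"
        if not proxy:
            return ["no proxy configured: yum will try to connect directly"]
        findings.append("proxy set only via http_proxy: lost when this shell exits")

    url = urlsplit(proxy)
    try:
        port = url.port if url.scheme in ("http", "https") else None
    except ValueError:                 # non-numeric or out-of-range port
        port = None
    if port is None:
        findings.append(f"{source}: proxy must be a full URL with a port")
    elif port != squid_port:
        findings.append(f"{source}: port {port} is not the Squid port {squid_port}")

    in_file = bool(main.get("proxy_username") and main.get("proxy_password"))
    in_url = bool(url.username and url.password)
    if not ((source == "yum.conf" and in_file) or in_url):
        findings.append("no proxy credentials: expect 407 from proxy_auth REQUIRED")
    if main.get("proxy_password") and file_mode & 0o004:
        findings.append("proxy_password sits in a world-readable file")
    return findings

if __name__ == "__main__":
    for line in audit_yum_proxy(SAMPLE_YUM_CONF, {}, 0o644):
        print(line)
```

On a real host, pass the contents of /etc/yum.conf, os.environ and os.stat("/etc/yum.conf").st_mode.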