I don't see why that setup wouldn't work. 1. you've added yourself to the passwd file? (you don't have to be a unix user existing in /etc/passwd 2. you run the export variable before using yum - or you've added this to /etc/profile or your own .bash_profile file as well? export http_proxy=http://peter:password@192.168.25.25:3128 echo $http_proxy http://peter:password@192.168.25.25:3128 This is my squid.conf (see below) - nothing that I can see that would allow / disallow access to an xml file. I run porn filters for my network and allow ftp access to only 3 users, and allow windows updates for the idiot boxes. Testing - stop iptables. If you can access other site through the proxy from links / elinks / lynx whatever, then you know it's working as it should. Start iptables - try the same test again - if fails then enable port 3128 in /etc/sysconfig/iptables # squid server for internal -A INPUT -i eth1 -p tcp -m tcp --dport 3128 -j ACCEPT -A OUTPUT -p tcp -m tcp --sport 3128 -j ACCEPT I would look at my yum.conf after confirming the above. Comment out everything except one. Run yum again, etc. *also - keep in mind that if you have multiple terms open - and you're manually exporting the proxy variable - it's a. not persistent and b. only valid in the term that you set it in. - Good luck. -Peter Farrell - -Cardiff, Wales =========================== SQUID.CONF =========================== hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_dir ufs /data/squid/cache 2048 16 256 cache_access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log cache_store_log /var/log/squid/store.log auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd auth_param basic children 5 auth_param basic realm Internet Access auth_param basic credentialsttl 2 hours refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl ftp_allow proxy_auth_regex martin acl ftp_allow proxy_auth_regex peter acl ftp_allow proxy_auth_regex bhanu acl all src 0.0.0.0/0.0.0.0 acl winupdate dstdomain .microsoft.com .windowsupdate.com acl ftp proto FTP acl ssl_ports port 443 # https acl safe_ports port 80 1863 8888 443 # http, https acl CONNECT method CONNECT acl example dst 21.21.21.0/255.255.255.0 acl porn url_regex "/etc/squid/porn" acl porn1 url_regex "/etc/squid/porn1" acl porn2 url_regex "/etc/squid/porn2" acl everyone proxy_auth REQUIRED http_access allow winupdate http_access allow example http_access allow ftp_allow http_access deny ftp http_access deny !safe_ports http_access deny CONNECT !ssl_ports http_access deny porn http_access deny porn1 http_access deny porn2 http_access allow everyone http_access deny all always_direct allow example always_direct allow winupdate no_cache deny example no_cache deny winupdate http_access deny all http_reply_access allow all icp_access allow all cache_mgr sysadmin at example.com cache_effective_user squid visible_hostname pollux.example.com unique_hostname pollux logfile_rotate 10 coredump_dir /var/log/squid/cache =========================== On 19/07/07, Dave <dmehler26 at woh.rr.com> wrote: > Hello, > I've got a centos5 box that is now behind a what was transparent squid > proxy. The proxy now has it's own dedicated ip and uses proxy basic > authentication. I've got a firewall that redirects all outgoing port 80 > traffic to that ip so anyone wishing access goes proxied. The problem is yum > on my centos5 can't retrieve the .xml files for the various yum > repositories. In the squid access.log on the router i'm seeing invalid > request method. This means that the box isn't yet talking proxy and is still > trying to go through direct. To my yum.conf file i added lines similar to > these: > > # The proxy server - proxy server:port number > proxy=http://mycache.mydomain.com:3128 > # The account details for yum connections > proxy_username=yum-user > proxy_password=qwerty > > I tried port 80 on that proxy line with the same results. Telneting to that > ip/port works fine, iptables isn't blocking it. On the firewall i added the > yum-user to the password file and used squid's ncsa_auth program to confirm > the username/password combination, output was a simple "ok". On the centos5 > box i did a service network restart, which didn't work, yum update gave me > the same error. > Any suggestions welcome. > Thanks. > Dave. > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >