[CentOS] yum with a proxy

Wed Dec 7 15:12:24 UTC 2011
Johnny Hughes <johnny at centos.org>

On 12/07/2011 09:03 AM, Philippe Naudin wrote:
> Hello,
> 
> While yum is configured to use a proxy, like this :
>  [base]
>  name=CentOS-$releasever - Base
>  mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
>  #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
>  gpgcheck=1
>  gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
>  proxy=http://proxy.lasb:3128
> 
> it still make some attempts to connect directly to Internet (tcp 80).
> These attempts are denied and logged by the firewall.
> 
> If I comment out the line mirrorlist= and uncomment the line
> baseurl= then there is no more direct connexion to Internet.
> (N.B. : in both cases, yum works well despite the access denied.)
> 
> I have tried to add a line proxy= to fastestmirror.conf, but it 
> doesn't change anything. I can't put proxy= in /etc/yum.conf
> because I also have a local repo.
> 
> Any idea on how to avoid these connexion to Internet ?

fastestmirror is designed to make direct connections to remote sites,
time them, and then pick the fastest mirror from that machine to a
specific mirror.  If your machine can not connect directly to the
external mirror, it is going to cause issues.

It works ok through most transparent proxies (though, the connection
times are going to be to the proxy, and all the same and very low, and
not valid for the purpose of fastest mirror) ... it does not work with
proxies that require a password or non port 80 proxies.

If you have a web proxy, you will most likely need to not use fastest
mirror.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20111207/f893b1a4/attachment-0005.sig>