> Hi,
> I find myself in a complicated situation and would like to ask the
> oracle (choke!) for help. I would like to install the packages from
> the continuous release repo and the yum config for this repo says
>
> baseurl=http://mirror.centos.org/centos/$releasever/cr/$basearch/
>
> well, I definitely do not want to allow worldwide outgoing http so I
> try to find the IPs
>
> # host mirror.centos.org
> mirror.centos.org has address 220.127.116.11
>
> but! wait...
>
> # host mirror.centos.org
> mirror.centos.org has address 18.104.22.168
>
> dns round robin is not very helpful for me doing firewall rules.
> How would you solve this yum and firewall thing?
> - --
> Kind Regards, Markus Falb

I think your best bet would be either

1) Take a host you're more comfortable with having http access to the world, change it to run squid, perhaps putting limit rules in squid to only allow http requests to download.centos.org (or whatever), then point your more secured host to this machine as your proxy server.

2) Find a likewise host that you can allow pretty much any outbound http traffic on that also has a pretty good amount of disk space free and usable, then use it to pull in a local mirror of the cent archives, and override DNS results with local /etc/hosts rules for DNS results.

Or just live dangerously and pick one host that you're pretty sure will be up and override the DNS rotor with your own local DNS configs / /etc/hosts entries... but that's kinda riding dirty. I probably shouldn't even suggest it.

But I'm far from being an oracle. Not even a sybase.

--
Even the Magic 8 ball has an opinion on email clients: Outlook not so good.
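
Option 1 from the reply above (a squid proxy limited to the CentOS mirror), sketched as an added example that is not part of the original thread. The client address 192.0.2.10 and the proxy name proxy.example.internal are constructed placeholders, and the destination is the mirror.centos.org name from the quoted baseurl.

```conf
# --- /etc/squid/squid.conf on the proxy host (the one allowed outbound http) ---
http_port 3128

# Constructed placeholder: address of the locked-down host that runs yum
acl yum_clients src 192.0.2.10/32
# Match on the mirror's name, so the round-robin A records no longer matter
acl centos_mirror dstdomain mirror.centos.org
acl plain_http port 80
acl CONNECT method CONNECT

# No tunnelling through the proxy; the repo is fetched with plain http GETs
http_access deny CONNECT
# All three ACLs on this line must match for the request to be allowed
http_access allow yum_clients centos_mirror plain_http
# Everything else is refused, including other clients and other sites
http_access deny all

# --- /etc/yum.conf on the locked-down host, in the [main] section ---
# Constructed placeholder hostname for the proxy
proxy=http://proxy.example.internal:3128
```

The firewall on the locked-down host then needs a single outbound rule, to the proxy on TCP 3128, instead of rules that chase the mirror's changing addresses.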