[CentOS] cr repo and firewalling

Tue Jan 15 21:10:04 UTC 2013
zGreenfelder <zgreenfelder at gmail.com>

> Hi,
> I find myself in a complicated situation and would like to ask the
> oracle (choke!) for help. I would like to install the packages from
> the continuous release repo and the yum config for this repo says
> baseurl=http://mirror.centos.org/centos/$releasever/cr/$basearch/
> well, I definitely do not want to allow worldwide outgoing http so I
> try to find the IPs
> # host mirror.centos.org
> mirror.centos.org has address
> but! wait...
> # host mirror.centos.org
> mirror.centos.org has address
> dns round robin is not very helpful for me doing firewall rules.
> How would you solve this yum and firewall thing?
> - --
> Kind Regards, Markus Falb

I think your best bet would be either
1) take a host you're more comfortable with having http access to the
world, change it to  run squid, perhaps putting limit rules in squid
to only allow http requests to download.centos.org (or whatever), then
point your more secured host to this machine as your proxy server.
2) find a likewise host that you can allow pretty much any outbout
http traffic on that also has a pretty good amount of disk space free
and usable, then use it to pull in a local mirror of the cent
archives. and over ride DNS results with local /etc/host rules for dns

or just live dangerously and pick one host that you're pretty sure
will be up and over ride the DNS rotor with your own local dns
configs/etc/hosts entries...   but that's kinda riding dirty.   I
probably shouldn't even suggest it.

but I'm far from being an oracle.     not even a sybase.
Even the Magic 8 ball has an opinion on email clients: Outlook not so good.