[CentOS] cr repo and firewalling

Tue Jan 15 22:15:36 UTC 2013
Markus Falb <markus.falb at fasel.at>

On 15.1.2013 22:10, zGreenfelder wrote:

>> dns round robin is not very helpful for me doing firewall rules.
>> How would you solve this yum and firewall thing?
>> - --
>> Kind Regards, Markus Falb
> I think your best bet would be either
> 1) take a host you're more comfortable with having http access to the
> world, change it to  run squid, perhaps putting limit rules in squid
> to only allow http requests to download.centos.org (or whatever), then
> point your more secured host to this machine as your proxy server.
> 2) find a likewise host that you can allow pretty much any outbout
> http traffic on that also has a pretty good amount of disk space free
> and usable, then use it to pull in a local mirror of the cent
> archives. and over ride DNS results with local /etc/host rules for dns
> results.

If I understood what you said I would rephrase it with less words like

1) set up a proxy and filter the host: header
2) do a local mirror

Kind Regards, Markus Falb

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 308 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20130115/a257ef23/attachment-0004.sig>