I don't see why that setup wouldn't work.

1. You've added yourself to the passwd file? (You don't have to be a unix
   user existing in /etc/passwd.)
2. You run the export variable before using yum - or you've added this to
   /etc/profile or your own .bash_profile file as well?

    export http_proxy=http://peter:password@xxxxxxxxxxxxx:3128
    echo $http_proxy
    http://peter:password@xxxxxxxxxxxxx:3128

This is my squid.conf (see below) - nothing that I can see that would allow /
disallow access to an xml file. I run porn filters for my network and allow
ftp access to only 3 users, and allow windows updates for the idiot boxes.

Testing - stop iptables. If you can access other sites through the proxy from
links / elinks / lynx whatever, then you know it's working as it should.

Start iptables - try the same test again - if it fails then enable port 3128 in
/etc/sysconfig/iptables

    # squid server for internal
    -A INPUT -i eth1 -p tcp -m tcp --dport 3128 -j ACCEPT
    -A OUTPUT -p tcp -m tcp --sport 3128 -j ACCEPT

I would look at my yum.conf after confirming the above. Comment out
everything except one. Run yum again, etc.

*Also - keep in mind that if you have multiple terms open - and you're
manually exporting the proxy variable - it's
a. not persistent and
b. only valid in the term that you set it in.

Good luck.

-Peter Farrell
-Cardiff, Wales

===========================
SQUID.CONF
===========================
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /data/squid/cache 2048 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Internet Access
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl ftp_allow proxy_auth_regex martin
acl ftp_allow proxy_auth_regex peter
acl ftp_allow proxy_auth_regex bhanu
acl all src 0.0.0.0/0.0.0.0
acl winupdate dstdomain .microsoft.com .windowsupdate.com
acl ftp proto FTP
acl ssl_ports port 443 # https
acl safe_ports port 80 1863 8888 443 # http, https
acl CONNECT method CONNECT
acl example dst 21.21.21.0/255.255.255.0
acl porn url_regex "/etc/squid/porn"
acl porn1 url_regex "/etc/squid/porn1"
acl porn2 url_regex "/etc/squid/porn2"
acl everyone proxy_auth REQUIRED
http_access allow winupdate
http_access allow example
http_access allow ftp_allow
http_access deny ftp
http_access deny !safe_ports
http_access deny CONNECT !ssl_ports
http_access deny porn
http_access deny porn1
http_access deny porn2
http_access allow everyone
http_access deny all
always_direct allow example
always_direct allow winupdate
no_cache deny example
no_cache deny winupdate
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr sysadmin@xxxxxxxxxxx
cache_effective_user squid
visible_hostname pollux.example.com
unique_hostname pollux
logfile_rotate 10
coredump_dir /var/log/squid/cache
===========================

On 19/07/07, Dave <dmehler26@xxxxxxxxxx> wrote:
Hello,

I've got a centos5 box that is now behind what was a transparent squid
proxy. The proxy now has its own dedicated ip and uses proxy basic
authentication. I've got a firewall that redirects all outgoing port 80
traffic to that ip so anyone wishing access goes proxied.

The problem is yum on my centos5 can't retrieve the .xml files for the
various yum repositories. In the squid access.log on the router I'm seeing
invalid request method. This means that the box isn't yet talking proxy and
is still trying to go through direct. To my yum.conf file I added lines
similar to these:

    # The proxy server - proxy server:port number
    proxy=http://mycache.mydomain.com:3128
    # The account details for yum connections
    proxy_username=yum-user
    proxy_password=qwerty

I tried port 80 on that proxy line with the same results. Telnetting to that
ip/port works fine, iptables isn't blocking it. On the firewall I added the
yum-user to the password file and used squid's ncsa_auth program to confirm
the username/password combination, output was a simple "ok". On the centos5
box I did a service network restart, which didn't work, yum update gave me
the same error.

Any suggestions welcome.
Thanks.
Dave.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
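
As an added example that is not part of the thread: a simplified Python model of how the http_access lines in the posted squid.conf are evaluated (top to bottom, first matching line wins), showing where a request without credentials is challenged with a 407 and which line decides for an authenticated user. The request dict, the function names and the sample hosts are constructed for illustration; the example and porn* ACLs are not modelled because their address range and list files are not part of the test input.

```python
import re
# http_access lines, in order, from the squid.conf posted in the thread.
HTTP_ACCESS = """allow winupdate
allow example
allow ftp_allow
deny ftp
deny !safe_ports
deny CONNECT !ssl_ports
deny porn
deny porn1
deny porn2
allow everyone
deny all""".splitlines()
AUTH_ACLS = {"ftp_allow", "everyone"}  # proxy_auth / proxy_auth_regex ACLs

def acl_matches(name, req):
    """Simplified stand-in for the posted acl lines; req is a constructed dict."""
    if name == "winupdate":  # dstdomain .microsoft.com .windowsupdate.com
        return req["host"].endswith((".microsoft.com", ".windowsupdate.com"))
    if name == "ftp_allow":  # three values are ORed; the regexes are unanchored
        return any(re.search(p, req["user"] or "") for p in ("martin", "peter", "bhanu"))
    if name == "ftp":
        return req["proto"] == "FTP"
    if name == "safe_ports":
        return req["port"] in (80, 1863, 8888, 443)
    if name == "ssl_ports":
        return req["port"] == 443
    if name == "CONNECT":
        return req["method"] == "CONNECT"
    if name in ("everyone", "all"):
        return True  # "everyone" is only evaluated once credentials exist
    return False  # example, porn*: address range and list files not modelled

def decide(req):
    """Return (verdict, line) for the first http_access line whose ACLs all match."""
    for line in HTTP_ACCESS:
        action, *acls = line.split()
        for acl in acls:
            name = acl.lstrip("!")
            if name in AUTH_ACLS and req["user"] is None:
                return "407", line  # no credentials yet: proxy challenges
            if acl_matches(name, req) == acl.startswith("!"):
                break  # ACL did not match, so this line does not apply
        else:
            return action, line
    return "deny", "(no line matched)"

def request(user, host, port=80, proto="HTTP", method="GET"):
    return {"user": user, "host": host, "port": port, "proto": proto, "method": method}
```

In this model decide(request("peter", "mirror.example.org", port=8080)) returns the allow ftp_allow line: a user matching ftp_allow is accepted before the safe_ports, CONNECT and url_regex deny lines are consulted, and because the regexes are unanchored a username such as "peterson" matches as well.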