Hello, While yum is configured to use a proxy, like this : [base] name=CentOS-$releasever - Base mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 proxy=http://proxy.lasb:3128 it still make some attempts to connect directly to Internet (tcp 80). These attempts are denied and logged by the firewall. If I comment out the line mirrorlist= and uncomment the line baseurl= then there is no more direct connexion to Internet. (N.B. : in both cases, yum works well despite the access denied.) I have tried to add a line proxy= to fastestmirror.conf, but it doesn't change anything. I can't put proxy= in /etc/yum.conf because I also have a local repo. Any idea on how to avoid these connexion to Internet ? TIA, -- Philippe Naudin UMR MISTEA : Math?matiques, Informatique et STatistique pour l'Environnement et l'Agronomie INRA, b?timent 29 - 2 place Viala - 34060 Montpellier cedex 2 t?l: 04.99.61.26.34, fax: 04.99.61.29.03, m?l: naudin at supagro.inra.fr
On 12/07/2011 09:03 AM, Philippe Naudin wrote:> Hello, > > While yum is configured to use a proxy, like this : > [base] > name=CentOS-$releasever - Base > mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os > #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ > gpgcheck=1 > gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 > proxy=http://proxy.lasb:3128 > > it still make some attempts to connect directly to Internet (tcp 80). > These attempts are denied and logged by the firewall. > > If I comment out the line mirrorlist= and uncomment the line > baseurl= then there is no more direct connexion to Internet. > (N.B. : in both cases, yum works well despite the access denied.) > > I have tried to add a line proxy= to fastestmirror.conf, but it > doesn't change anything. I can't put proxy= in /etc/yum.conf > because I also have a local repo. > > Any idea on how to avoid these connexion to Internet ?fastestmirror is designed to make direct connections to remote sites, time them, and then pick the fastest mirror from that machine to a specific mirror. If your machine can not connect directly to the external mirror, it is going to cause issues. It works ok through most transparent proxies (though, the connection times are going to be to the proxy, and all the same and very low, and not valid for the purpose of fastest mirror) ... it does not work with proxies that require a password or non port 80 proxies. If you have a web proxy, you will most likely need to not use fastest mirror. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 262 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20111207/f893b1a4/attachment.sig>
Le mer 07 d?c 2011 09:12:24 CET, Johnny Hughes a ?crit:> On 12/07/2011 09:03 AM, Philippe Naudin wrote: > > Hello, > > > > While yum is configured to use a proxy, like this : > > [base] > > name=CentOS-$releasever - Base > > mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os > > #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ > > gpgcheck=1 > > gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 > > proxy=http://proxy.lasb:3128 > > > > it still make some attempts to connect directly to Internet (tcp 80). > > These attempts are denied and logged by the firewall. > > > > If I comment out the line mirrorlist= and uncomment the line > > baseurl= then there is no more direct connexion to Internet. > > (N.B. : in both cases, yum works well despite the access denied.) > > > > I have tried to add a line proxy= to fastestmirror.conf, but it > > doesn't change anything. I can't put proxy= in /etc/yum.conf > > because I also have a local repo. > > > > Any idea on how to avoid these connexion to Internet ? > > fastestmirror is designed to make direct connections to remote sites, > time them, and then pick the fastest mirror from that machine to a > specific mirror. If your machine can not connect directly to the > external mirror, it is going to cause issues. > > It works ok through most transparent proxies (though, the connection > times are going to be to the proxy, and all the same and very low, and > not valid for the purpose of fastest mirror) ... it does not work with > proxies that require a password or non port 80 proxies. > > If you have a web proxy, you will most likely need to not use fastest > mirror.Thanks for your answer : indeed, adding enabled=0 to fastestmirror.conf solves the problem. -- Philippe Naudin UMR MISTEA : Math?matiques, Informatique et STatistique pour l'Environnement et l'Agronomie INRA, b?timent 29 - 2 place Viala - 34060 Montpellier cedex 2 t?l: 04.99.61.26.34, fax: 04.99.61.29.03, m?l: naudin at supagro.inra.fr