LinuxQuestions.org
Old 04-19-2011, 07:35 AM   #1
takayama
Member
 
Registered: Sep 2009
Posts: 97

yum+squid+whitelist


Hello
I'm trying to whitelist the URLs on the internet that my server subnet can reach. It's basically just supposed to be possible to do a yum update.

My whitelist looks like this http://pastebin.com/e1HLx1Ga

The changes I made to squid.conf (from the defaults) are these:

acl our_networks src 172.28.3.0/24
acl whitelist dstdomain "/etc/squid/whitelist"
http_access allow all whitelist



Still I get this when trying to do yum update: http://pastebin.com/xBDGQUU0

Any ideas?
 
Old 04-19-2011, 02:36 PM   #2
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Apart from making changes in squid, did you check the local firewall settings to allow HTTP requests? Because it doesn't matter whether the sites are in the whitelist or not, yum will check the local firewall for whether it is allowed to make HTTP requests.
 
Old 04-19-2011, 03:13 PM   #3
takayama
Member
 
Registered: Sep 2009
Posts: 97

Original Poster
Yes, the iptables rules are flushed on both machines.
 
Old 04-19-2011, 03:16 PM   #4
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

iptables -F will not work for YUM.

You have to check the system-config-securitylevel settings. I am explaining this in the context of Red Hat; not sure which OS you are using, but as you said yum, it appears that you might be using some rebuild of that category.
 
Old 04-19-2011, 03:38 PM   #5
takayama
Member
 
Registered: Sep 2009
Posts: 97

Original Poster
Yeah, CentOS (sorry, my bad, should have told you that). Do you care to explain why iptables -F doesn't work?
 
Old 04-19-2011, 04:29 PM   #6
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Sure

iptables -F will be used to flush any deny request or any chain/rules that are mentioned in /etc/sysconfig/iptables.

Now if you have enabled your local system firewall and set SELinux to enforcing but you have not selected HTTP to be a trusted service, then what will iptables -F do? Since there is no deny rule (and no allow rule for allowing HTTP traffic) in /etc/sysconfig/iptables for denying HTTP traffic, then obviously iptables -F is not going to create one!

Usually iptables -F is used to override any deny rules set in there as far as I know. But if there is no allow (not denying the traffic here but also not allowing, see the difference) rule then?

I hope you got your answer.
 
Old 04-19-2011, 05:20 PM   #7
takayama
Member
 
Registered: Sep 2009
Posts: 97

Original Poster
Cool, now I learned something new, but squid still is the same problem with
 
Old 04-19-2011, 05:57 PM   #8
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Please paste the output of cat /etc/yum.conf

Also, can you try this in squid (not really sure, but worth giving a try): put the first three URLs like this:

http://url/*/*
 
Old 04-19-2011, 06:13 PM   #9
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Your question related to iptables -F was a good one. I dug deeper in that direction, and yes, iptables -F can be used to flush all firewall rules in case you are unaware of how to customize the firewall. Not sure how it integrates with SELinux.

I was also getting the same issue that you explained here, and trying iptables -F like 2-3 times didn't work for me. Then, when I was sitting clueless, I thought of checking the firewall settings and SELinux settings using system-config-securitylevel, and as soon as I disabled both the firewall and SELinux, yum worked in one shot.

As far as my explanation goes I think it does make sense ;-) I mean if we are not allowing any service and that service is also not in deny list then by default it should be denied.
 
Old 04-19-2011, 06:19 PM   #10
takayama
Member
 
Registered: Sep 2009
Posts: 97

Original Poster
I figured it out (removed my default squid.conf and wrote a new basic one). Don't really know what the problem was.

Now I'm gonna look into caching of the RPMs on the squid server so I don't have to dl them every time.

Last edited by takayama; 04-19-2011 at 06:21 PM.
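
The thread never establishes what was wrong with the original squid.conf. As an added illustration (not code from the thread or from Squid), this Python sketch models Squid's first-match evaluation of http_access lines to show how the position of the posted rule relative to a catch-all `http_access deny all` changes the outcome. The whitelist domains, the rule placement and the function names are assumptions; `!acl` negation and CONNECT handling are not modelled.

```python
import ipaddress

# Constructed squid.conf fragments. The whitelist domains are sample values,
# and where the thread's rule sat relative to "deny all" is an assumption.
ACLS = """\
acl all src 0.0.0.0/0
acl our_networks src 172.28.3.0/24
acl whitelist dstdomain .centos.org mirror.example.net
"""
AFTER_DENY = ACLS + "http_access deny all\nhttp_access allow all whitelist\n"
BEFORE_DENY = ACLS + "http_access allow our_networks whitelist\nhttp_access deny all\n"

def parse(conf):
    """Collect acl definitions and the ordered http_access rules."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, client_ip, host):
    kind, values = acl
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "dstdomain":
        host = host.lower().rstrip(".")
        for v in (v.lower() for v in values):
            # ".example.com" covers the domain and its subdomains;
            # "example.com" without the dot is an exact match only.
            if v.startswith(".") and (host == v[1:] or host.endswith(v)):
                return True
            if host == v:
                return True
        return False
    raise ValueError("unsupported acl type: " + kind)

def decide(conf, client_ip, host):
    """Return 'allow' or 'deny' the way http_access is evaluated."""
    acls, rules = parse(conf)
    for action, names in rules:
        # ACLs on one line are ANDed; the first matching line decides.
        if all(acl_matches(acls[n], client_ip, host) for n in names):
            return action
    # Nothing matched: the default is the opposite of the last rule.
    if not rules or rules[-1][0] == "allow":
        return "deny"
    return "allow"
```

With the allow line placed after `http_access deny all`, a client in 172.28.3.0/24 is denied even for whitelisted mirrors; with the allow line first and restricted to `our_networks`, only that subnet reaches only the listed domains.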
 
Old 04-19-2011, 06:27 PM   #11
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

It always feels good when things work as they are expected to :-)

Please put the thread to solved if the issue has been resolved.

Last edited by T3RM1NVT0R; 04-19-2011 at 06:50 PM.
 
  

