04-19-2011, 07:35 AM
|
#1
|
Member
Registered: Sep 2009
Posts: 97
|
yum+squid+whitelist
Hello
I'm trying to whitelist the URLs on the internet that my server subnet can reach. It's basically just supposed to be possible to do a yum update.
My whitelist looks like this: http://pastebin.com/e1HLx1Ga
The changes I made to squid.conf (from the defaults) are these:
acl our_networks src 172.28.3.0/24
acl whitelist dstdomain "/etc/squid/whitelist"
http_access allow all whitelist
Still I get this when trying to do yum update: http://pastebin.com/xBDGQUU0
Any ideas?
|
|
|
04-19-2011, 02:36 PM
|
#2
|
Senior Member
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385
|
Apart from making changes in squid, did you check the local firewall settings to allow HTTP requests? Because it doesn't matter whether the sites are in the whitelist or not, yum will check the local firewall for whether it is allowed to make HTTP requests.
|
|
|
04-19-2011, 03:13 PM
|
#3
|
Member
Registered: Sep 2009
Posts: 97
Original Poster
|
Yes, the iptables rules are flushed on both machines.
|
|
|
04-19-2011, 03:16 PM
|
#4
|
Senior Member
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385
|
iptables -F will not work for YUM.
You have to check the system-config-securitylevel settings. I am explaining this in the context of Red Hat; not sure which OS you are using, but as you said yum, it appears that you might be using some rebuild of that category.
|
|
|
04-19-2011, 03:38 PM
|
#5
|
Member
Registered: Sep 2009
Posts: 97
Original Poster
|
Yeah, CentOS (sorry, my bad, should have told you that). Do you care to explain why iptables -F doesn't work?
|
|
|
04-19-2011, 04:29 PM
|
#6
|
Senior Member
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385
|
Sure
iptables -F will be used to flush any deny request or any chain/rules that are mentioned in /etc/sysconfig/iptables.
Now if you have enabled your local system firewall and set SELinux to enforcing but you have not selected HTTP to be a trusted service, then what will iptables -F do? Since there is no deny rule (and no allow rule for allowing HTTP traffic) in /etc/sysconfig/iptables for denying HTTP traffic, then obviously iptables -F is not going to create one!
Usually iptables -F is used to override any deny rules set in there as far as I know. But if there is no allow (not denying the traffic here but also not allowing, see the difference) rule then?
I hope you got your answer.
|
|
|
04-19-2011, 05:20 PM
|
#7
|
Member
Registered: Sep 2009
Posts: 97
Original Poster
|
Cool, now I learned something new, but squid still is the same problem with
|
|
|
04-19-2011, 05:57 PM
|
#8
|
Senior Member
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385
|
Please paste the output of cat /etc/yum.conf
Also, can you try this in squid (not really sure, but worth giving a try): put the first three URLs like this:
http://url/*/*
|
|
|
04-19-2011, 06:13 PM
|
#9
|
Senior Member
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385
|
Your question related to iptables -F was a good one. I dug deeper in that direction and yes, iptables -F can be used to flush all firewall rules in case you are unaware of how to customize the firewall. Not sure how it integrates with SELinux.
The issue that you explained here, I was also getting the same issue, and trying iptables -F like 2-3 times didn't work for me. Then when I was sitting clueless I thought of checking the firewall settings and SELinux settings using system-config-securitylevel, and as soon as I disabled both firewall and SELinux, yum worked in one shot.
As far as my explanation goes I think it does make sense ;-) I mean if we are not allowing any service and that service is also not in the deny list then by default it should be denied.
|
|
|
04-19-2011, 06:19 PM
|
#10
|
Member
Registered: Sep 2009
Posts: 97
Original Poster
|
I figured it out (removed my default squid.conf and wrote a new basic one), don't really know what the problem was.
Now I'm gonna look into caching of the rpms on the squid server so I don't have to dl them every time.
Last edited by takayama; 04-19-2011 at 06:21 PM.
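Added example, not part of any post in this thread and not the poster's actual working file: a minimal squid.conf for the setup described in post #1, where only the server subnet may use the proxy and only whitelisted domains are reachable. The ACL names and file path come from post #1; the port, the sample whitelist entries and the proxy host name are assumptions, and the built-in `all` ACL assumes Squid 3.x or later.

```conf
# /etc/squid/squid.conf -- minimal whitelist-only proxy (added example)

# Clients allowed to use the proxy: the server subnet from post #1.
acl our_networks src 172.28.3.0/24

# Allowed destinations, one domain per line. dstdomain entries are
# domain names, not URLs. Constructed sample entries:
#   .centos.org          leading dot: centos.org and every subdomain
#   mirror.example.net   no dot: this exact host only
acl whitelist dstdomain "/etc/squid/whitelist"

acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# http_access rules are evaluated top to bottom, first match wins.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# ACLs on one line are ANDed: the client must be in our_networks
# AND the destination must be in the whitelist file.
http_access allow our_networks whitelist

# Everything else is refused. On Squid 2.x, define "all" first:
#   acl all src 0.0.0.0/0.0.0.0
http_access deny all

# Port is an assumption; clients point yum at it in /etc/yum.conf:
#   [main]
#   proxy=http://proxy.example.internal:3128   (placeholder host)
http_port 3128
```

The rule posted in #1 names `all` where this one names `our_networks`, so the subnet ACL defined there is never referenced. Every host yum contacts, including each mirror a mirrorlist hands back, has to match a whitelist entry.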
|
|
|
04-19-2011, 06:27 PM
|
#11
|
Senior Member
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385
|
It always feels good when things work as they are expected to :-)
Please put the thread to solved if the issue has been resolved.
Last edited by T3RM1NVT0R; 04-19-2011 at 06:50 PM.
|
|
|
All times are GMT -5.