11-17-2010, 11:36 AM
David McGuffey

yum update and iptables

I'm doing some testing in a lab which is isolated from the rest of my
network (DMZ). I'm doing both inbound and outbound filtering at the
firewall (CentOS +iptables).

What protocols, ports and destination IP addresses does yum use to
identify updates, and then actually go get them for installation?

Looking at yum.conf and wireshark data, yum appears to go to a central
site, look up the closest mirrors, then query the mirrors for the latest
updates.

Using wireshark it appears that http and tcp are used, but the addresses
are all over the place (many mirrors).

Is there a way to restrict the outbound traffic to a small number of
mirrors? In other words, can I force yum to only check certain sites?

If that is not so easy, I should be able to restrict the outbound
traffic to a small set of addresses (yes/no?).

DaveM


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
11-17-2010, 12:25 PM
Tom H

yum update and iptables

On Wed, Nov 17, 2010 at 7:36 AM, David McGuffey
<davidmcguffey@verizon.net> wrote:
>
> I'm doing some testing in a lab which is isolated from the rest of my
> network (DMZ). I'm doing both inbound and outbound filtering at the
> firewall (CentOS +iptables).
>
> What protocols, ports and destination IP addresses does yum use to
> identify updates, and then actually go get them for installation?
>
> Looking at yum.conf and wireshark data, yum appears to go to a central
> site, look up the closest mirrors, then query the mirrors for the latest
> updates.
>
> Using wireshark it appears that http and tcp are used, but the addresses
> are all over the place (many mirrors).
>
> Is there a way to restrict the outbound traffic to a small number of
> mirrors? In other words, can I force yum to only check certain sites?
>
> If that is not so easy, I should be able to restrict the outbound
> traffic to a small set of addresses (yes/no?).

You can comment out "mirrorlist" and uncomment "baseurl" and set it to
your preferred mirror in the files in "/etc/yum.repos.d".
 
11-17-2010, 12:36 PM
Les Mikesell

yum update and iptables

On 11/17/10 7:25 AM, Tom H wrote:
> On Wed, Nov 17, 2010 at 7:36 AM, David McGuffey
> <davidmcguffey@verizon.net> wrote:
>>
>> I'm doing some testing in a lab which is isolated from the rest of my
>> network (DMZ). I'm doing both inbound and outbound filtering at the
>> firewall (CentOS +iptables).
>>
>> What protocols, ports and destination IP addresses does yum use to
>> identify updates, and then actually go get them for installation?
>>
>> Looking at yum.conf and wireshark data, yum appears to go to a central
>> site, look up the closest mirrors, then query the mirrors for the latest
>> updates.
>>
>> Using wireshark it appears that http and tcp are used, but the addresses
>> are all over the place (many mirrors).
>>
>> Is there a way to restrict the outbound traffic to a small number of
>> mirrors? In other words, can I force yum to only check certain sites?
>>
>> If that is not so easy, I should be able to restrict the outbound
>> traffic to a small set of addresses (yes/no?).
>
> You can comment out "mirrorlist" and uncomment "baseurl" and set it to
> your preferred mirror in the files in "/etc/yum.repos.d".

Also, if you have a squid or similar proxy that has unrestricted outbound access
you can set it in /etc/conf or simply export http_proxy= and ftp_proxy= values
before running yum.

--
Les Mikesell
lesmikesell@gmail.com
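
The baseurl pinning suggested in Tom H's reply, combined with the egress restriction asked about in the original post, as an added example that is not part of the thread. The function names, the mirror `http://mirror.example.lab`, the address `192.0.2.10` and the sample repo text are assumptions made for illustration; the iptables rules are printed for review, not applied.

```shell
# Added example: pin yum to one mirror and print matching egress rules.
# mirror.example.lab and 192.0.2.10 are placeholders, not real CentOS mirrors.

# Print a pinned copy of a .repo file: mirrorlist commented out, the stock
# "#baseurl=http://mirror.centos.org/..." line enabled and pointed at $2.
pin_repo() {
    case "$2" in
        *[!A-Za-z0-9.:/_-]*) echo "unexpected character in mirror URL" >&2; return 1 ;;
        http://?*) ;;
        *) echo "mirror must be an http:// URL" >&2; return 1 ;;
    esac
    sed -e 's|^mirrorlist=|#mirrorlist=|' \
        -e "s|^#[[:space:]]*baseurl=http://mirror\.centos\.org|baseurl=$2|" "$1"
}

# List repo sections yum could still resolve through the mirrorlist service
# (active mirrorlist=, or no active baseurl=). Empty output means fully pinned.
unpinned_sections() {
    awk '/^\[/ { if (sec != "" && (ml || !bu)) print sec; sec = $0; ml = 0; bu = 0 }
         /^mirrorlist=/ { ml = 1 }
         /^baseurl=/    { bu = 1 }
         END { if (sec != "" && (ml || !bu)) print sec }' "$1"
}

# Print (do not apply) iptables rules: HTTP out to the listed mirror IPs only.
# $1 = chain (FORWARD on a routing firewall, OUTPUT on the host itself).
egress_rules() {
    chain=$1; shift
    for ip in "$@"; do
        echo "iptables -A $chain -p tcp -d $ip --dport 80 -j ACCEPT"
    done
    echo "iptables -A $chain -p tcp --dport 80 -j DROP"
}

# Constructed sample, modelled on the layout of a stock CentOS-Base.repo.
sample_repo() {
    cat <<'EOF'
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
EOF
}

tmp=$(mktemp); sample_repo > "$tmp"
pin_repo "$tmp" http://mirror.example.lab
egress_rules FORWARD 192.0.2.10
rm -f "$tmp"
```

Running `unpinned_sections` over every file in `/etc/yum.repos.d` after the edit shows which repos would still contact the mirrorlist service and be blocked by the printed rules.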