Re: Apt from behind a firewall

[Charles Baker <rascharles@yahoo.com>]

--- Johan van der Walt <johan@fskdjvdw.puk.ac.za>
wrote:
> I am trying to use apt-get from behind a firewall
> but am not sure exactly
> how to set up the apt.conf file. When I normally ftp
> to a site outside the
> firewall the procedure is as follows:
> 
> ftp uuu.vvv.www.xx
> userid: ftp@firewallid@uuu.vvv.www.xx
> passwd: johan@fskdjvdw.puk.ac.za@firewallpasswd
> 
> (1) Should I copy the ftp part of the example in
> /usr/doc/apt/examples to
> my /etc/apt.conf file?
> 
> (2) What is the meaning of the two proxy entries in
> the ftp part?
> 
> (3) Which user and passwd entries should I use?
> There are two sets. And
> should I use it in the same way as when I normally
> ftp to a server outside
> the firewall? 
> 
> (4) What else should I do?
> 
> (5) Using 2.2r6
> 
> Thanks
> 
> Johan van der Walt
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to
> debian-user-request@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> 


>From ``man apt.conf'':

http   HTTP URIs; http::Proxy is the default http
proxy to
              use.   It   is   in   the    standard   
form    of
              http://[[user][:pass]@]host[:port]/. Per
host prox­
              ies  can  also  be  specified  by  using
 the  form
              http::Proxy::<host> with the special
keyword DIRECT
              meaning to use no proxies. The
http_proxy  environ­
              ment variable will override all
settings.

              Three  settings are provided for cache
control with
              HTTP/1.1 complient proxy caches.
No-Cache tells the
              proxy  to  not  used  its cached
response under any
              circumstances, Max-Age is sent only for
index files
              and  tells the cache to refresh its
object if it is
              older than the  given  number  of 
seconds.  Debian
              updates  its  index files daily so the
default is 1
              day. No-Store specifies that the cache
should never
              store  this  request,  it  is  only set
for archive
              files. This may be useful to  prevent 
polluting  a
              proxy cache with very large .deb files.
Note: Squid
              2.0.2 does not support any of these
options.

              The option timeout sets the timeout
timer  used  by
              the  method,  this  applies to all
things including
              connection timeout and data timeout.

              One setting is provided  to  control 
the  pipeline
              depth  in  cases where the remote server
is not RFC
              conforming  or  buggy   (such   as  
Squid   2.0.2)
              Acquire::http::Pipeline-Depth can be a
value from 0
              to 5 indicating how many outstanding 
requests  APT
              should  send.  A value of zero MUST be
specified if
              the remote host does not  properly 
linger  on  TCP
              connections - otherwise data corruption
will occur.
              Hosts which require this are in 
violation  of  RFC
              2068.

ftp    FTP URIs; ftp::Proxy is the default proxy
server to
              use.   It   is   in   the    standard   
form    of
              ftp://[[user][:pass]@]host[:port]/ and
is overriden
              by the ftp_proxy environment variable.
To use a ftp
              proxy  you  will  have  to  set the
ftp::ProxyLogin
              script in the configuration file. This
entry speci­
              fies  the commands to send to tell the
proxy server
              what     to     connect     to.    
Please      see
             
/usr/share/doc/apt/examples/configure-index.gz  for
              an example of how to do this. The
subsitution vari­
              ables  available  are $(PROXY_USER),
$(PROXY_PASS),
              $(SITE_USER),    $(SITE_PASS),    
$(SITE),     and
              $(SITE_PORT).   Each  is taken from it's
respective
              URI component.

              The option timeout sets the timeout
timer  used  by
              the  method,  this  applies to all
things including
              connection timeout and data timeout.

              Several settings are provided  to 
control  passive
              mode.  Generally  it  is safe to leave
passive mode
              on, it works in nearly every
environment.   However
              some  situations  require that passive
mode be dis­
              abled and port mode ftp used instead.
This  can  be
              done  globally,  for  connections that
go through a
              proxy or for a specific host (See the
sample config
              file for examples)

              It  is  possible  to proxy FTP over HTTP
by setting
              the ftp_proxy environment variable to a
http url  -
              see  the  discussion  of  the http
method above for
              syntax. You cannot set this  in  the 
configuration
              file and it is not recommended to use
FTP over HTTP
              due to its low efficiency.

              The  setting  ForceExtended  controls 
the  use  of
              RFC2428  EPSV  and  EPRT  commands.  The
 defaut is
              false, which means these commands are
only used  if
              the  control  connection  is  IPv6.
Setting this to
              true forces their use  even  on  IPv4 
connections.
              Note  that most FTP servers do not
support RFC2428.

=====
rascharles@yahoo.com
Hacking is a "Good Thing!"
See http://www.tuxedo.org/~esr/faqs/hacker-howto.html

__________________________________________________
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org