Re: Apt from behind a firewall
--- Johan van der Walt <johan@fskdjvdw.puk.ac.za>
wrote:
> I am trying to use apt-get from behind a firewall
> but am not sure exactly
> how to set up the apt.conf file. When I normally ftp
> to a site outside the
> firewall the procedure is as follows:
>
> ftp uuu.vvv.www.xx
> userid: ftp@firewallid@uuu.vvv.www.xx
> passwd: johan@fskdjvdw.puk.ac.za@firewallpasswd
>
> (1) Should I copy the ftp part of the example in
> /usr/doc/apt/examples to
> my /etc/apt.conf file?
>
> (2) What is the meaning of the two proxy entries in
> the ftp part?
>
> (3) Which user and passwd entries should I use?
> There are two sets. And
> should I use it in the same way as when I normally
> ftp to a server outside
> the firewall?
>
> (4) What else should I do?
>
> (5) Using 2.2r6
>
> Thanks
>
> Johan van der Walt
>
>
>
> --
> To UNSUBSCRIBE, email to
> debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>From ``man apt.conf'':
http HTTP URIs; http::Proxy is the default http
proxy to
use. It is in the standard
form of
http://[[user][:pass]@]host[:port]/. Per
host prox
ies can also be specified by using
the form
http::Proxy::<host> with the special
keyword DIRECT
meaning to use no proxies. The
http_proxy environ
ment variable will override all
settings.
Three settings are provided for cache
control with
HTTP/1.1 complient proxy caches.
No-Cache tells the
proxy to not used its cached
response under any
circumstances, Max-Age is sent only for
index files
and tells the cache to refresh its
object if it is
older than the given number of
seconds. Debian
updates its index files daily so the
default is 1
day. No-Store specifies that the cache
should never
store this request, it is only set
for archive
files. This may be useful to prevent
polluting a
proxy cache with very large .deb files.
Note: Squid
2.0.2 does not support any of these
options.
The option timeout sets the timeout
timer used by
the method, this applies to all
things including
connection timeout and data timeout.
One setting is provided to control
the pipeline
depth in cases where the remote server
is not RFC
conforming or buggy (such as
Squid 2.0.2)
Acquire::http::Pipeline-Depth can be a
value from 0
to 5 indicating how many outstanding
requests APT
should send. A value of zero MUST be
specified if
the remote host does not properly
linger on TCP
connections - otherwise data corruption
will occur.
Hosts which require this are in
violation of RFC
2068.
ftp FTP URIs; ftp::Proxy is the default proxy
server to
use. It is in the standard
form of
ftp://[[user][:pass]@]host[:port]/ and
is overriden
by the ftp_proxy environment variable.
To use a ftp
proxy you will have to set the
ftp::ProxyLogin
script in the configuration file. This
entry speci
fies the commands to send to tell the
proxy server
what to connect to.
Please see
/usr/share/doc/apt/examples/configure-index.gz for
an example of how to do this. The
subsitution vari
ables available are $(PROXY_USER),
$(PROXY_PASS),
$(SITE_USER), $(SITE_PASS),
$(SITE), and
$(SITE_PORT). Each is taken from it's
respective
URI component.
The option timeout sets the timeout
timer used by
the method, this applies to all
things including
connection timeout and data timeout.
Several settings are provided to
control passive
mode. Generally it is safe to leave
passive mode
on, it works in nearly every
environment. However
some situations require that passive
mode be dis
abled and port mode ftp used instead.
This can be
done globally, for connections that
go through a
proxy or for a specific host (See the
sample config
file for examples)
It is possible to proxy FTP over HTTP
by setting
the ftp_proxy environment variable to a
http url -
see the discussion of the http
method above for
syntax. You cannot set this in the
configuration
file and it is not recommended to use
FTP over HTTP
due to its low efficiency.
The setting ForceExtended controls
the use of
RFC2428 EPSV and EPRT commands. The
defaut is
false, which means these commands are
only used if
the control connection is IPv6.
Setting this to
true forces their use even on IPv4
connections.
Note that most FTP servers do not
support RFC2428.
=====
rascharles@yahoo.com
Hacking is a "Good Thing!"
See http://www.tuxedo.org/~esr/faqs/hacker-howto.html
__________________________________________________
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: