
Re: How to apt-get over ssh tunnel through a firewall?



Mitchell Laks wrote:
On 14:38 Fri 03 Oct     , Celejar wrote:
On Fri, 3 Oct 2008 12:02:22 -0400

There are several apt proxies available:

apt-cacher
apt-cacher-ng
apt-proxy
approx

[I use approx; various readers of this list have their own preferences.]

Set up one of them on A, configure B-D's sources file appropriately,
and your ssh procedure should work.

Thank you. I am familiar with apt-cacher, but not with approx which I can try.
However, I think that does not solve my problem. For instance
what if the A computer is running etch and B-D are running sid?
How can I get B-D to get software that has not been installed on A?

This is not a problem with apt-proxy as to its clients it looks like a full mirror, however it only actually downloads the packages you use, so the first time you download a package it comes in at whatever speed it would if you downloaded it directly, but the second time it comes in at LAN speed.

For testing I just used ssh tunnels to access my proxy and it works fine.

Is there some smart way to set up a direct tunnel through A
and tell apt-get to go through the tunnel itself, instead of using
these caching methods which better serve other purposes.
(For instance since B-D run sid, I can cache on one of them for the others.)

Easier than that, I have a pinhole in my firewall rules allowing access to port 9999 (the default apt-proxy port) but only to the IP of my apt-proxy from my 192.168.50.xx subnet to my 192.168.24.xx one; this allows wireless clients, my web server, and other less trusted clients to use the apt-proxy.

what software-backbone/port is apt-get using to get the software?

Are you familiar with setting up tunnels like

ssh -ND 8080  user@destination.com
?

Mitchell

To quote a previous post on the subject:

It's pretty cool to be able to perform net installs in a few minutes and
updates are equally fast, after the first time.  The only downside is
it's a bit picky about its internet connection, I know that sounds
weird but when I have it connected directly to the internet with no http
proxy it stalls and doesn't work properly, when I have it behind a squid
proxy it's happy as a sand boy.

A slightly nonstandard thing I've done is I've created a different
section for each release, so instead of having
deb http://192.168.24.99:9999/debian/ etch main
deb http://192.168.24.99:9999/debian-security/ etch/updates main
or
deb http://192.168.24.99:9999/debian/ lenny main
deb http://192.168.24.99:9999/debian-security/ lenny/updates main
in my apt sources files I have
deb http://192.168.24.99:9999/etch/ etch main
deb http://192.168.24.99:9999/etch-security/ etch/updates main
or
deb http://192.168.24.99:9999/lenny/ lenny main
deb http://192.168.24.99:9999/lenny-security/ lenny/updates main

This is because apt-proxy will only hold a certain number of versions of
any given package, although this number is configurable I found that
sometimes stable packages were being pushed out by those from sid and
testing, this way I've still got most of sarge in cache.
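
The ssh-tunnel access and the per-release sources layout described in this message, combined as an added example that is not part of the original post. The gateway name `user@gateway.example` and the upstream mirror URLs in the sample are assumptions; the proxy address, port 9999 and the `/etch/` and `/etch-security/` backend names are the ones quoted above.

```shell
#!/bin/sh
# Added example (not from the original post).
PROXY_HOST=192.168.24.99   # apt-proxy address quoted in the post
PROXY_PORT=9999            # default apt-proxy port, per the post

# Print the ssh command that forwards a client-side port to the proxy.
# Binding to 127.0.0.1 keeps other hosts on the client's network from
# reaching the proxy through this tunnel.
# $1 = user@gateway (hypothetical host that can reach the proxy)
tunnel_cmd() {
    printf 'ssh -N -L 127.0.0.1:%s:%s:%s %s\n' \
        "$PROXY_PORT" "$PROXY_HOST" "$PROXY_PORT" "$1"
}

# Rewrite sources.list lines read from stdin so they use the tunnel
# endpoint and one backend per release:
#   <suite>          -> http://127.0.0.1:9999/<suite>/
#   <suite>/updates  -> http://127.0.0.1:9999/<suite>-security/
# Comments and blank lines pass through unchanged.
to_tunnel_sources() {
    sed -E \
        -e "s#^(deb(-src)?) +https?://[^ ]+ +([a-z]+)/updates +(.*)#\1 http://127.0.0.1:${PROXY_PORT}/\3-security/ \3/updates \4#" \
        -e "s#^(deb(-src)?) +https?://[^ ]+ +([a-z]+) +(.*)#\1 http://127.0.0.1:${PROXY_PORT}/\3/ \3 \4#"
}

# Constructed sample input: a client sources.list that points at
# upstream mirrors directly (mirror URLs are assumptions).
sample_sources() {
    cat <<'EOF'
# etch client
deb http://ftp.debian.org/debian/ etch main
deb http://security.debian.org/ etch/updates main
deb-src http://ftp.debian.org/debian/ lenny main contrib
EOF
}

echo "# start the tunnel with:"
tunnel_cmd user@gateway.example
echo "# then use these sources.list entries:"
sample_sources | to_tunnel_sources
```

The backends named in the rewritten URLs must also be defined in the apt-proxy configuration on the proxy host.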

