Re: How to apt-get over ssh tunnel through a firewall?
Mitchell Laks wrote:
On 14:38 Fri 03 Oct , Celejar wrote:
On Fri, 3 Oct 2008 12:02:22 -0400
There are several apt proxies available:
apt-cacher
apt-cacher-ng
apt-proxy
approx
[I use approx; various readers of this list have their own preferences.]
Set up one of them on A, configure B-D's sources file appropriately,
and your ssh procedure should work.
thank you. I am familiar with apt-cacher, but not with approx which I can
try.
However, I think that does not solve my problem. For instance
what if the A computer is running etch and B-D are running sid?
How can I get B-D to get software that has not been installed on A?
This is not a problem with apt-proxy as to it's clients it looks like a
full mirror, however it only actually downloads the packages you use, so
the first time you download a package it comes in at whatever speed it
would if you downloaded it directly, but the second time it comes in at
LAN speed.
For testing I lust used ssh tunnels to access my proxy and it works fine.
Is there some smart way to set up a direct tunnel through A
and tell apt-get to go through the tunnel itself, instead of using
these caching methods which better serve other purposes.
(For instance since B-D run sid, I can cache on one of them for the others.
Easer then that I have a pinhole in my firewall rules allowing access to
port 9999 (the default apt-proxy port) but only to the IP of my
apt-proxy from my 192.168.50.xx subnet to my 192.168.24.xx one, this
allows wireless clients, my web server, and other less trusted clients
to use the apt-proxy.
what software-backbone/port is apt-get using to get the software?
Are you familiar with setting up tunnels like
ssh -ND 8080 user@destination.com
?
Mitchell
To quote a previous post on the subject:
It's pretty cool to be able to perform net installs in a few minutes and
updates are equally fast, after the first time. The only downside is
it's a bit picky about it's internet connection, I know that sounds
weird but when I have it connected directly to the internet with no http
proxy it stalls and doesn't work properly, when I have it behind a squid
proxy it's happy as a sand boy.
A slightly nonstandard thing I've done is I've created a different
section for each release, so instead of having
deb http://192.168.24.99:9999/debian/ etch main
deb http://192.168.24.99:9999/debian-security/ etch/updates main
or
deb http://192.168.24.99:9999/debian/ lenny main
deb http://192.168.24.99:9999/debian-security/ lenny/updates main
in my apt sources files I have
deb http://192.168.24.99:9999/etch/ etch main
deb http://192.168.24.99:9999/etch-security/ etch/updates main
or
deb http://192.168.24.99:9999/lenny/ lenny main
deb http://192.168.24.99:9999/lenny-security/ lenny/updates main
This is because apt-proxy will only hold a certain number of versions of
any given package, although this number is configurable I found that
sometimes stable packages were being pushed out by those from sid and
testing, this way I've still got most of sarge in cache .
Reply to: