CentOS – Update/Install applications via Proxy using Yum

Introduction

TL;DR – Go to Installing Squid

Yum is a great package manager for CentOS that is the secret envy of every Windows system administrator on the planet. However, there will come a time when you attempt a “yum update” or “yum install tcpdump” only to find there is a problem with internet access from your server.

90% of the time you’ll probably find a network issue or someone’s messed up the DNS resolver configuration. However, in some instances the server will legitimately have no internet access, and setting up this access is either not allowed or highly inconvenient.

Recently I worked on a server with two network connections, one to the management network and another to a VoIP signalling/media network. In this setup the default gateway was configured via the VoIP network, as those are the mission-critical services, and all the management elements had static routes via the management interface gateway. The problem was that the VoIP network was internal and had no internet access available, whereas the management network did. Placing a static route for every possible Yum repository and mirror obviously isn’t an option, and neither was switching around the network configuration, so here comes the proxy.

The concept of a proxy is fairly simple: we’re going to tell Yum that all of its traffic should be sent to a specific IP address on a specific port. This IP address will be on a server with internet access that has the Squid proxy installed and listening on that port for inbound connections. Assuming the access lists on the proxy are configured correctly, Squid will then relay that traffic to the internet and back on behalf of the originating server, giving Yum the illusion of internet access. Simple!

 

Installing Squid

First you need to find a server on your network that has IP connectivity both to the internet and to the server that doesn’t have internet access. This is where the proxy (Squid) will reside.

The first step is to use Yum to install Squid on this server, and then ensure that it’s going to start at boot.

yum -y install squid
chkconfig squid on

Now you need to define which client IP addresses are permitted to use your proxy. In our case this range should include the IP of the client that doesn’t have internet access. Edit the Squid configuration as below, replacing the IP range to suit your network.

nano /etc/squid/squid.conf
acl allowed_clients_acl src 192.168.0.0/24
http_access allow allowed_clients_acl

Now restart the Squid service to apply the configuration changes:

service squid restart

It’s always worth checking that Squid is actually running and listening on the correct network port using netstat:

netstat -lnutp | grep 3128
tcp        0      0 0.0.0.0:3128                0.0.0.0:*                   LISTEN      20653/(squid)
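
Where the two ACL lines sit in squid.conf matters: Squid applies the first http_access rule that matches, and the stock configuration already contains "http_access deny all", so lines appended below it never take effect. The check below is an added example, not part of the original post; the function name check_squid_acl and the sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Usage: check_squid_acl ACL_NAME < /etc/squid/squid.conf
# Prints one verdict: ok | open | unreachable | missing
check_squid_acl() {
    awk -v acl="$1" '
        { sub(/#.*/, "") }                       # strip comments
        # Note the ACL definition and whether its range covers every client.
        $1 == "acl" && $2 == acl && $3 == "src" {
            defined = 1
            for (i = 4; i <= NF; i++)
                if ($i ~ /\/0(\.0\.0\.0)?$/) wide = 1
        }
        # http_access is first-match-wins, so only rules above the first
        # "deny all" (or "allow all") can ever take effect.
        $1 == "http_access" && NF == 3 {
            if ($3 == "all" && !closed) { closed = 1; if ($2 == "allow") allow_all = 1 }
            else if ($2 == "allow" && $3 == acl && defined) { if (closed) late = 1; else reach = 1 }
        }
        END {
            if (allow_all || (reach && wide)) print "open"         # anyone can relay
            else if (reach)                   print "ok"
            else if (late)                    print "unreachable"  # shadowed by deny all
            else                              print "missing"
        }'
}

# Constructed sample: the two lines appended below the stock "deny all".
appended='http_access allow localhost
http_access deny all
acl allowed_clients_acl src 192.168.0.0/24
http_access allow allowed_clients_acl'
# Constructed sample: the same two lines placed above "deny all".
placed='acl allowed_clients_acl src 192.168.0.0/24
http_access allow allowed_clients_acl
http_access deny all'

printf '%s\n' "$appended" | check_squid_acl allowed_clients_acl
printf '%s\n' "$placed"   | check_squid_acl allowed_clients_acl
```

A verdict of "open" deserves attention on this setup, since the netstat output shows Squid listening on every interface (0.0.0.0:3128).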

Client/Yum configuration

Our Squid proxy server should be working now, so the next step is to configure the clients to use it. In the user’s (in this case root’s) bash profile we’re going to specify an environment variable that Yum will pick up on, so edit that profile text file:

nano /root/.bash_profile

Then just paste in this line, replacing the IP address with your Squid server (you can also use a hostname).

export http_proxy=http://192.168.204.251:3128

Bingo – Try some yum commands on the server and you should be in business!

Any problems leave a question in the comments 🙂

Technology enthusiast with many ongoing online projects, one of which is this personal blog, PingBin, while also working full time within a data center designing and maintaining the network infrastructure.
