Re: How to apt-get over ssh tunnel through a firewall?
Mitchell Laks wrote:

On 14:38 Fri 03 Oct , Celejar wrote:

On Fri, 3 Oct 2008 12:02:22 -0400

There are several apt proxies available:

apt-cacher
apt-cacher-ng
apt-proxy
approx

[I use approx; various readers of this list have their own preferences.]

Set up one of them on A, configure B-D's sources file appropriately, and your ssh procedure should work.

thank you. I am familiar with apt-cacher, but not with approx which I can try. However, I think that does not solve my problem. For instance what if the A computer is running etch and B-D are running sid? How can I get B-D to get software that has not been installed on A?

This is not a problem with apt-proxy as to its clients it looks like a full mirror, however it only actually downloads the packages you use, so the first time you download a package it comes in at whatever speed it would if you downloaded it directly, but the second time it comes in at LAN speed. For testing I just used ssh tunnels to access my proxy and it works fine.

Is there some smart way to set up a direct tunnel through A and tell apt-get to go through the tunnel itself, instead of using these caching methods which better serve other purposes. (For instance since B-D run sid, I can cache on one of them for the others.

Easier than that I have a pinhole in my firewall rules allowing access to port (the default apt-proxy port) but only to the IP of my apt-proxy from my 192.168.50.xx subnet to my 192.168.24.xx one, this allows wireless clients, my web server, and other less trusted clients to use the apt-proxy.

what software-backbone/port is apt-get using to get the software?

Are you familiar with setting up tunnels like ssh -ND 8080 [EMAIL PROTECTED] ?

Mitchell

To quote a previous post on the subject:

It's pretty cool to be able to perform net installs in a few minutes and updates are equally fast, after the first time.
The only downside is it's a bit picky about its internet connection, I know that sounds weird but when I have it connected directly to the internet with no http proxy it stalls and doesn't work properly, when I have it behind a squid proxy it's happy as a sand boy.

A slightly nonstandard thing I've done is I've created a different section for each release, so instead of having

deb http://192.168.24.99:/debian/ etch main
deb http://192.168.24.99:/debian-security/ etch/updates main

or

deb http://192.168.24.99:/debian/ lenny main
deb http://192.168.24.99:/debian-security/ lenny/updates main

in my apt sources files I have

deb http://192.168.24.99:/etch/ etch main
deb http://192.168.24.99:/etch-security/ etch/updates main

or

deb http://192.168.24.99:/lenny/ lenny main
deb http://192.168.24.99:/lenny-security/ lenny/updates main

This is because apt-proxy will only hold a certain number of versions of any given package, although this number is configurable I found that sometimes stable packages were being pushed out by those from sid and testing, this way I've still got most of sarge in cache.

-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How to apt-get over ssh tunnel through a firewall?
On Sun, Oct 05, 2008 at 04:02:21PM -0700, Steve Lamb wrote:

Osamu Aoki wrote:

Run squid on A and let others access it. You need to set http_proxy environment variable or use apt.conf setting for all A,B,C. Then you save bandwidth.

Or use apt-cache.

You must have meant apt-cacher. (I like squid approach though ... because it handles Debian archive design change more smoothly.)

Osamu
Re: How to apt-get over ssh tunnel through a firewall?
On Fri, Oct 03, 2008 at 12:02:22PM -0400, Mitchell Laks wrote:

Now I know how to browse the internet on B-D by creating a ssh tunnel to A and utilizing the Iceweasel Browser settings to use a local Socks proxy.

This is untested, but if you change your sources.list to include something like:

# /etc/apt/sources.list
deb http://localhost:1080/debian/ stable main contrib non-free

and then open a tunnel:

# from the command line
ssh -fND 1080 machine_A

it should just work. If not, you can try something more complicated, like:

# /etc/apt/sources.list
deb http://localhost:32315/debian/ stable main contrib non-free

# from the command line
ssh -fN -L32315:localhost:32315 machineA 'ssh -fN -L32315:ftp.us.debian.org:80'

There's probably a better way to do this, but you asked specifically about ssh tunneling. Good luck!

--
Oh, look: rocks!
-- Doctor Who, Destiny of the Daleks
Re: How to apt-get over ssh tunnel through a firewall?
Osamu Aoki wrote:

Run squid on A and let others access it. You need to set http_proxy environment variable or use apt.conf setting for all A,B,C. Then you save bandwidth.

Or use apt-cache.

--
Steve C. Lamb     | But who can decide what they dream
PGP Key: 1FC01004 | and dream I do
Re: How to apt-get over ssh tunnel through a firewall?
On Fri, Oct 03, 2008 at 12:02:22 -0400, Mitchell Laks wrote:

Hi, I have a number of debian machines that live behind a firewall. Debian Machine A is granted internet access and can browse the internet. However machines B-D were not granted internet access and live on the general internal network, and were originally installed with Debian by utilizing a private network with machine A 192.168.4.x, and getting internet access via NAT through A. Now machines B-D no longer live on the private network but can ssh into machine A. Now I know how to browse the internet on B-D by creating a ssh tunnel to A and utilizing the Iceweasel Browser settings to use a local Socks proxy. Can I do something similar with apt-get so that I can apt-get update and apt-get upgrade over ssh without physically moving the machines B-D to the private network 192.168.4.x with machine A?

Can you run a proxy on machine A? You can secure it very tightly, both via its own configuration and via your firewall, so that it only accepts local connections on machine A. Then you can do this on machines B-D:

ssh -N -L 31280:localhost:3128 $HOSTNAME_OR_IP_OF_MACHINE_A

This will tunnel port 31280 on B-D to machine A, from where it will be forwarded to localhost (i.e. machine A itself) port 3128. This assumes that your proxy on A listens for local connections on port 3128 (the standard squid port). Then it will be as if the proxy was running on B-D listening on port 31280, so you can set "http://localhost:31280" as the http_proxy variable on these machines.

If you cannot run a proxy on machine A then you can try to use tsocks on machines B-D:

http://tsocks.sourceforge.net/

(Debian packages are available in main.)

--
Regards, | http://users.icfo.es/Florian.Kulzer
Florian  |
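A check for the "only accepts local connections" condition described in the message above, as an added example that is not part of the thread: it reads `ss -ltnH` output and reports any listener on the proxy or tunnel port that is not bound to loopback, and opens the tunnel with an explicit loopback bind. The ports 3128 and 31280 come from the message; the function names and the sample socket lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Ports 3128 and 31280 are the ones
# used in the message above; function names and sample lines are made up.

PROXY_PORT=3128     # proxy on machine A, meant to accept local connections only
TUNNEL_PORT=31280   # forwarded port on machines B-D

# Read `ss -ltnH` output on stdin and print every listener on port $1
# whose local address is not loopback. No output means nothing is exposed.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = match($4, /:[0-9]+$/)        # last colon precedes the port
            if (!n || substr($4, n + 1) != port) next
            host = substr($4, 1, n - 1)
            if (host != "127.0.0.1" && host != "[::1]") print $4
        }'
}

# Open the tunnel on B-D with an explicit loopback bind address, and fail
# instead of backgrounding if the forward cannot be set up.
open_tunnel() {     # $1 = host name or IP of machine A
    ssh -f -N -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:${TUNNEL_PORT}:localhost:${PROXY_PORT}" "$1"
}

# Constructed sample: proxy on A bound to loopback only (the intended state).
SAMPLE_GOOD='LISTEN 0 128 127.0.0.1:3128 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: the same ports reachable from the network.
SAMPLE_BAD='LISTEN 0 128 0.0.0.0:3128 0.0.0.0:*
LISTEN 0 128 [::1]:31280 [::]:*
LISTEN 0 128 *:31280 *:*'

# Live use:  ss -ltnH | exposed_listeners "$PROXY_PORT"     (on A)
#            ss -ltnH | exposed_listeners "$TUNNEL_PORT"    (on B-D)
```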
Re: How to apt-get over ssh tunnel through a firewall?
You can use ssh but ...

On Fri, Oct 03, 2008 at 12:02:22PM -0400, Mitchell Laks wrote:

Hi, I have a number of debian machines that live behind a firewall. Debian Machine A is granted internet access and can browse the internet. However machines B-D were not granted internet access and live on the general internal network, and were originally installed with Debian by utilizing a private network with machine A 192.168.4.x, and getting internet access via NAT through A. Now machines B-D no longer live on the private network but can ssh into machine A. Now I know how to browse the internet on B-D by creating a ssh tunnel to A and utilizing the Iceweasel Browser settings to use a local Socks proxy.

Yes.

Can I do something similar with apt-get so that I can apt-get update and apt-get upgrade over ssh without physically moving the machines B-D to the private network 192.168.4.x with machine A?

Yes. But doing without ssh may be simpler and saves BW.

Run squid on A and let others access it. You need to set http_proxy environment variable or use apt.conf setting for all A,B,C. Then you save bandwidth.
Re: How to apt-get over ssh tunnel through a firewall?
On Fri, 3 Oct 2008 18:01:55 -0400 Mitchell Laks [EMAIL PROTECTED] wrote:

On 14:38 Fri 03 Oct , Celejar wrote:

On Fri, 3 Oct 2008 12:02:22 -0400

There are several apt proxies available:

apt-cacher
apt-cacher-ng
apt-proxy
approx

[I use approx; various readers of this list have their own preferences.]

Set up one of them on A, configure B-D's sources file appropriately, and your ssh procedure should work.

thank you. I am familiar with apt-cacher, but not with approx which I can try. However, I think that does not solve my problem. For instance what if the A computer is running etch and B-D are running sid? How can I get B-D to get software that has not been installed on A?

I'm pretty sure that it makes no difference what flavor A is running - I assume that A need not even run Debian! The apt sources lists of B-D will contain (with approx - I assume you can do similarly with the others) references to the flavor desired, and A will fetch any packages that are needed. My sources contain (on the machine that runs approx):

deb http://localhost:/debian/ sid main non-free contrib
deb http://localhost:/debian-multimedia sid main

Is there some smart way to set up a direct tunnel through A and tell apt-get to go through the tunnel itself, instead of using these caching methods which better serve other purposes. (For instance since B-D run sid, I can cache on one of them for the others.

what software-backbone/port is apt-get using to get the software?

apt can use an http proxy; see 'man apt.conf' for details. So you could set up one on A and configure B-D to tunnel in to it over ssh, but I think that you are misunderestimating the flexibility of the dedicated apt caching programs, as above.

Mitchell

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
How to apt-get over ssh tunnel through a firewall?
Hi,

I have a number of debian machines that live behind a firewall. Debian Machine A is granted internet access and can browse the internet. However machines B-D were not granted internet access and live on the general internal network, and were originally installed with Debian by utilizing a private network with machine A 192.168.4.x, and getting internet access via NAT through A. Now machines B-D no longer live on the private network but can ssh into machine A.

Now I know how to browse the internet on B-D by creating a ssh tunnel to A and utilizing the Iceweasel Browser settings to use a local Socks proxy. Can I do something similar with apt-get so that I can apt-get update and apt-get upgrade over ssh without physically moving the machines B-D to the private network 192.168.4.x with machine A?

thanks,
mitchell
Re: How to apt-get over ssh tunnel through a firewall?
On Fri, 3 Oct 2008 12:02:22 -0400 Mitchell Laks [EMAIL PROTECTED] wrote:

Hi, I have a number of debian machines that live behind a firewall. Debian Machine A is granted internet access and can browse the internet. However machines B-D were not granted internet access and live on the general internal network, and were originally installed with Debian by utilizing a private network with machine A 192.168.4.x, and getting internet access via NAT through A. Now machines B-D no longer live on the private network but can ssh into machine A. Now I know how to browse the internet on B-D by creating a ssh tunnel to A and utilizing the Iceweasel Browser settings to use a local Socks proxy. Can I do something similar with apt-get so that I can apt-get update and apt-get upgrade over ssh without physically moving the machines B-D to the private network 192.168.4.x with machine A?

There are several apt proxies available:

apt-cacher
apt-cacher-ng
apt-proxy
approx

[I use approx; various readers of this list have their own preferences.]

Set up one of them on A, configure B-D's sources file appropriately, and your ssh procedure should work.

thanks, mitchell

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
Re: How to apt-get over ssh tunnel through a firewall?
On 14:38 Fri 03 Oct , Celejar wrote:

On Fri, 3 Oct 2008 12:02:22 -0400

There are several apt proxies available:

apt-cacher
apt-cacher-ng
apt-proxy
approx

[I use approx; various readers of this list have their own preferences.]

Set up one of them on A, configure B-D's sources file appropriately, and your ssh procedure should work.

thank you. I am familiar with apt-cacher, but not with approx which I can try. However, I think that does not solve my problem. For instance what if the A computer is running etch and B-D are running sid? How can I get B-D to get software that has not been installed on A?

Is there some smart way to set up a direct tunnel through A and tell apt-get to go through the tunnel itself, instead of using these caching methods which better serve other purposes. (For instance since B-D run sid, I can cache on one of them for the others.

what software-backbone/port is apt-get using to get the software?

Are you familiar with setting up tunnels like ssh -ND 8080 [EMAIL PROTECTED] ?

Mitchell

thanks, mitchell

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator