Firewall

Yum: installing packages behind a firewall

  • May 13, 2018

I have a CentOS 7 server (Server X) in a data center, which has a firewall, so I cannot use yum:

# yum search htop
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock error was
14: curl#6 - "Could not resolve host: mirrorlist.centos.org; Unknown error"
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=extras&infra=stock error was
14: curl#6 - "Could not resolve host: mirrorlist.centos.org; Unknown error"
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=updates&infra=stock error was
14: curl#6 - "Could not resolve host: mirrorlist.centos.org; Unknown error"
* base: mirrors.163.com
* extras: mirrors.shu.edu.cn
* updates: ftp.sjtu.edu.cn
Warning: No matches found for: htop
No matches found

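And the data center does not provide me with a proxy server to install anything.

However, I can ssh to Server X from my home computer over Internet + VPN.

I am just wondering whether there is a way to make use of the ssh connection to yum install packages (or any other approach to yum install packages).

This post suggests that people only install from RPM or DVD.

I think installing from RPM is simple if there are no dependencies, but handling dependencies would be a hassle.

Any suggestions are welcome.

Thanks in advance!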

Update 1: I cannot even ping the IP of mirrorlist.centos.org (although it is pingable):

# ping 85.236.43.108
PING 85.236.43.108 (85.236.43.108) 56(84) bytes of data.
^C
--- 85.236.43.108 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms

So DNS resolution is not the root cause.

Traceroute shows that the traffic is blocked:

# traceroute 85.236.43.108
traceroute to 85.236.43.108 (85.236.43.108), 30 hops max, 60 byte packets
1  gateway (172.18.22.254)  3.884 ms  4.100 ms  4.322 ms
2  gateway (172.18.22.254)  3.200 ms !H * *

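It cannot get out because the data center has a firewall. Server X itself has no firewall, and no iptables to prevent outgoing traffic.

Update 2: downloading the rpms, rsync-ing them over and then installing failed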

# yum localinstall /tmp/audit-libs-2.8.1-3.el7.x86_64.rpm --disablerepo=*
Loaded plugins: fastestmirror
Examining /tmp/audit-libs-2.8.1-3.el7.x86_64.rpm: audit-libs-2.8.1-3.el7.x86_64
Marking /tmp/audit-libs-2.8.1-3.el7.x86_64.rpm as an update to audit-libs-2.7.6-3.el7.x86_64
Resolving Dependencies
--> Running transaction check
---> Package audit-libs.x86_64 0:2.7.6-3.el7 will be updated
--> Processing Dependency: audit-libs(x86-64) = 2.7.6-3.el7 for package: audit-2.7.6-3.el7.x86_64
Loading mirror speeds from cached hostfile
---> Package audit-libs.x86_64 0:2.8.1-3.el7 will be an update
--> Finished Dependency Resolution
Error: Package: audit-2.7.6-3.el7.x86_64 (@anaconda)
          Requires: audit-libs(x86-64) = 2.7.6-3.el7
          Removing: audit-libs-2.7.6-3.el7.x86_64 (@anaconda)
              audit-libs(x86-64) = 2.7.6-3.el7
          Updated By: audit-libs-2.8.1-3.el7.x86_64 (/audit-libs-2.8.1-3.el7.x86_64)
              audit-libs(x86-64) = 2.8.1-3.el7
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest

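Make sure you have allowed related and established connections through the firewall, otherwise the responses will not be able to return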
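The check this answer describes, applied to an iptables ruleset, as an added example that is not part of the original page. It assumes the firewall in question is iptables-based and that its rules are available in `iptables-save` format; the function name `check_return_traffic` and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: reads iptables-save output on stdin and reports whether
# replies to outbound connections are let back in on the given chain.
#   ok      - an ACCEPT rule for ESTABLISHED state comes first
#   open    - policy ACCEPT and no catch-all DROP/REJECT
#   blocked - replies reach a catch-all DROP/REJECT or a non-ACCEPT policy
# Simplification: only rules with no match criteria count as catch-all.
check_return_traffic() {
    awk -v chain="${1:-INPUT}" '
        $1 == "*filter" { in_filter = 1; next }
        /^\*/           { in_filter = 0; next }
        !in_filter      { next }
        $1 == ":" chain { policy = $2; next }   # e.g. ":INPUT DROP [0:0]"
        $1 == "-A" && $2 == chain && !verdict {
            if (/ESTABLISHED/ && /-j ACCEPT/ && (/--ctstate/ || /--state/))
                verdict = "ok"
            else if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT"))
                verdict = "blocked"
        }
        END {
            if (!verdict && policy == "") verdict = "unknown"
            if (!verdict) verdict = (policy == "ACCEPT") ? "open" : "blocked"
            print verdict
        }'
}

# Constructed sample rulesets (not taken from Server X or its data center).
WEAK='*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

FIXED='*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

printf '%s\n' "$WEAK"  | check_return_traffic INPUT   # prints: blocked
printf '%s\n' "$FIXED" | check_return_traffic INPUT   # prints: ok
```

In the first ruleset inbound ssh is accepted, yet the replies to yum's outbound HTTP and DNS requests fall through to the DROP policy; the single conntrack rule in the second ruleset is what lets them return.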

Quoted from: https://serverfault.com/questions/911912