[Gllug] Installing Debian Sarge on a brand new SATA-based machine

John Winters john at sinodun.org.uk
Wed May 10 14:31:44 UTC 2006


Thanks to all for suggestions on starting a Debian installation.  I've
gone for the option of using the Etch installer, but now I'm hitting
another sticking point, brought on by a combination of mis-features in
the Debian installer and in our network (over which I have no control).

The primary problem is that all outgoing http traffic from our network
is blocked.  We have to access web sites by way of a proxy (and that
uses NTLM authentication - nasty).  I have squid configured on a local
machine here and it routes all requests through ntlmaps to the proxy
which can access the outside world.  I can then point the installer at
my squid installation to use as a proxy - but - this is incredibly slow.

I also have here a local mirror of the Debian site (which I update from
home by way of sneakernet).  I would like this to use this as the source
for my installation.  The problem is, if I tell the installer to use the
local mirror and forget about proxies and stuff, then it finds the
mirror fine, but then without permission tries to access
security.debian.org to see if there are any security updates.  This
eventually fails (very slowly because our firewall just drops the
relevant packets) and then the installer displays a dialogue and says it
will carry on without - but it doesn't.  Once you've selected "continue"
from the dialogue it just sits there and nothing further happens.  This
seems to be a bug in the debian installer (arguably two bugs, because it
should give you a choice before it attempts to access the security
updates).

To get past these bugs in the installer I *have* to tell it to use my
squid as a proxy.  But if I do that then I can't access my local mirror.
The squid installation forwards *all* requests to the external NTLMAPS
proxy and that doesn't have access back in to my mirror.

I suppose it comes down to a squid configuration question.  Is there any
way of telling squid to use another proxy as its parent for all requests
*except* those for a certain domain, which it should handle locally?  By
reading the documentation I've managed to get as far as, "Use this proxy
for all requests except those for xxxxx domain", but I can't find a way
of adding the, "which you should handle locally" bit.  Squid simply
rejects all requests for pages in the xxxxx domain.

I have the following in squid.conf:

cache_peer bluebox       parent    3128  3130

and I've added the line:

cache_peer_domain bluebox !.<local domain name>

which causes it to stop sending those requests to its parent, but not to
handle them itself.

Any squid gurus out there?  (Or anyone know how to get the debian
installer to behave?)

TIA,
John

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list