Satellite Client requirements: Open ports
Hi,
I am trying to register a client to my satellite, but it fails. I suspect that this is due to the client being on a restricted VLAN. Does anybody know which ports must be open in the firewall for the rhnreg_ks command to work?
Regards,
Gunnar
Responses
Guru
6827 points
Hi Gunnar,
Note last paragraph...
Check this link https://access.redhat.com/site/solutions/10818 for info on the ports listed for the Satellite Server. Ports 80 and 443 (see the other ports in these two links, and please -do- visit/review the link below too)
This link goes into some detail on ports through a firewall (even though the title of the page is not doesn't mention rhn_register); rhn_register's ports is one of the first things explained in that link's resolution area.
That being said, the discussion in the second link (above) showed people experiencing some issues even after the mere ports, and one of the Red Hat folks recommended opening a case with them if needed. However, in my environment, we made it work. I believe there was more to it for our case than mere ports.
Kind Regards
Guru
2135 points
Snippet from my iptables:
-A 100-SATELLITE-INPUT -s sat.ip.add.ress/32 -p tcp -m tcp --sport 5222 -m state --state NEW -j ACCEPT
-A 100-SATELLITE-OUTPUT -d sat.ip.add.ress/32 -p tcp -m tcp --sport 1024:65535 -m multiport --dports 443,5222 -m state --state NEW -j ACCEPT
We use only https to connect to Satellite once a system is registered. The 5222 is there for OSAD.
Try to wget the Satellite's URL via http (i.e. http://satellite.company.com/). If you get no response at all, probably a firewall issue somewhere. Any response from the Satellite and there's a connection going on which should allow rhnreg_ks.
D
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.