- Red Hat Enterprise Linux
- Red Hat Network
- Red Hat Satellite 5.x
- Internet access filtered by proxy or firewall
- How do I configure my system so that up2date, yum, or satellite-sync can access RHN channels through a firewall or proxy?
- What URLs and ports do I need to configure in my proxy server to access RHN Classic Hosted or Red Hat Satelite 5?
- Network error when registering a server with rhn_register or rhnreg_ks.
- Having issues with my subscription certificate on a machine behind a firewall.
When trying to update packages with yum, the following error is seen:
There was an error communicating with RHN. RHN channel support will be disabled. Error communicating with server. The message was: Unable to connect to the host and port specified
satellite-syncto work correctly, the firewall must allow connections to:
- rhn.redhat.com on port 80 (http)
- rhn.redhat.com on port 443 (https)
- xmlrpc.rhn.redhat.com on port 80 (http)
- xmlrpc.rhn.redhat.com on port 443 (https)
- content-xmlrpc.rhn.redhat.com on port 80 (http)
- content-xmlrpc.rhn.redhat.com on port 443 (https)
- content-web.rhn.redhat.com on port 80 (http)
- content-web.rhn.redhat.com on port 443 (https)
- cdn.redhat.com on port 80 (http)
- cdn.redhat.com on port 443 (https)
For Red hat Subscription Management, see How to access Red Hat Subscription Manager (RHSM) through a firewall or proxy
Red Hat Satellite 5.x needs additional access to (click here for Satellite 6.x):
- satellite.rhn.redhat.com on port 443 (https)
- satellite.rhn.redhat.com on port 80 (http)
- content-satellite.rhn.redhat.com on port 80 (http)
- content-satellite.rhn.redhat.com on port 443 (https)
Note: IP addresses for servers are not permanent. Please use the domain names instead. This is partly because we distribute them through a Content Delivery Service by Akamai. For this reason, it is necessary to allow the following ports/hostnames on firewall for proper yum operation:
* *.akamaiedge.net on port 443 [https]
- If the network cannot be opened to the above hostnames and ports, and RHN Classic is being used, location aware updates can be disabled as a workaround. This will not work with RHSM, which requires a different set of hostnames through the firewall.
- If FTP is used as opposed to HTTP, then outbound port 20 (FTP) will need to be opened. To determine if FTP is used, see the output of
grep -i ftp:///etc/yum.repos.d/*.
- A Red Hat Enterprise Linux server (if registered via RHN Classic instead of RHSM) or Satellite 5 server must be able to connect back to RHN channels to download software updates.
- If a firewall prohibits unlimited outbound connections, it is necessary to re-configure the firewall or use a proxy which allows access to the appropriate hosts and ports.
- Learn more
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.