[Spacewalk-list] Incoming ports on the proxy server?

[Sam Sen]

I’m interested in moving our master Spacewalk server to AWS. In each DC, I want to have a proxy server that will handle registration for its respective hosts. In terms of the proxy server, we allow all outgoing connection but we do restrict incoming connections. Do I need to allow certain ports for the proxy to communicate with the Spacewalk server in AWS?

As a test, I blocked all traffic from my Spacewalk server in my local DC to a local proxy server. I ran “yum repolist” from a host that is registered to the proxy server. The command hung. Looking at tcpdump, I noticed the server was attempting to communicate with the proxy server over https. Once i removed the iptables rule, I was able to run “yum repolist."