[Spacewalk-list] [EXT] Re: Incoming ports on the proxy server?

[Sam Sen]

I saw but I wasn't sure if the inbound was for the clients? I won't be able to expose the proxy to the internet, therefore, if the master needs to communicate with the proxy (proxy can reach master but not the other way around) I won't be able to do this. I was hoping that the communication would be one way (proxy to master).

My clients and proxy servers sit in the same data center so there's no issue there.

On Jun 15, 2016, at 2:59 AM, "Tomáš Kašpárek" <tkasparek at redhat.com<mailto:tkasparek at redhat.com>> wrote:
Hello,

taken from <https://fedorahosted.org/spacewalk/wiki/HowToInstallProxy> https://fedorahosted.org/spacewalk/wiki/HowToInstallProxy

  *   Outbound open ports 80, 443, 4545 (only if you want to enable monitoring) and 5269
  *   Inbound open ports 80, 443 and 5222

Best regards,
Tomas Kasparek

On 06/15/2016 04:52 AM, Sam Sen wrote:

I’m interested in moving our master Spacewalk server to AWS. In each DC, I want to have a proxy server that will handle registration for its respective hosts. In terms of the proxy server, we allow all outgoing connection but we do restrict incoming connections. Do I need to allow certain ports for the proxy to communicate with the Spacewalk server in AWS?

As a test, I blocked all traffic from my Spacewalk server in my local DC to a local proxy server. I ran “yum repolist” from a host that is registered to the proxy server. The command hung. Looking at tcpdump, I noticed the server was attempting to communicate with the proxy server over https. Once i removed the iptables rule, I was able to run “yum repolist."

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com<mailto:Spacewalk-list at redhat.com>
https://www.redhat.com/mailman/listinfo/spacewalk-list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20160615/5255b732/attachment.htm>