Manualshelf

Installation guide

ManualsBrandsRed Hat ManualsComputer equipmentNETWORK PROXY SERVER 3.7 -
11121314151617181920
2.3. Addit ional Requirement s
The following additional requirements must be met before the Satellite Proxy installation can be
considered complete:
Fu ll Access
Client systems need full network access to the Satellite Proxy services and ports.
Firewall R u les
Red Hat strongly recommends setting up a firewall between the Satellite Proxy and the
Internet. However, depending on your Satellite Proxy implementation, you need to open
several TCP ports in this firewall:
T ab le 2.1. Po rt s t o O p en o n t h e Sat ellite Proxy
Po rt Direction Reason
80 Outbound The Satellite Proxy uses this port to reach your Satellite
URL.
80 Inbound Client requests arrive using either HTTP or HTTPS.
443 Inbound Client requests arrive using either HTTP or HTTPS.
443 Outbound The Satellite Proxy uses this port to reach the Satellite
URL.
4545 Outbound If your Satellite Proxy is connected to a Satellite Server,
Monitoring makes connections to rhnmd running on client
systems through this TCP port, if Monitoring is enabled
and probes are configured to registered systems.
5222 Inbound Allows o sad client connections to the jabberd daemon
on the Satellite Proxy when using Red Hat Network Push
technology.
5269 Inbound and
Outbound
If the Satellite Proxy is connected a Satellite Server, this
port must be open to allow server-to-server connections
using jabberd for Red Hat Network Push Technology.
Syn ch ron iz ed Syst em Times
Time sensitivity is a significant factor when connecting to a Web server running SSL
(Secure Sockets Layer); it is imperative the time settings on the clients and server are close
together so that the SSL certificate does not expire before or during use. It is recommended
that Network Time Protocol (NTP) be used to synchronize the clocks.
Fu lly Q u alif ied Do main Name (FQ D N )
The system upon which the Satellite Proxy is installed must resolve its own FQDN properly.
Dist rib u t io n Lo cation s
Because the Satellite Proxy forwards virtually all local HTTP requests to Red Hat Satellite,
take care in putting files destined for distribution (such as in a kickstart installation tree) in
the non-forwarding location on the Satellite Proxy: /var/www/html /pub/. Files placed in
this directory can be downloaded directly from the Satellite Proxy. This can be especially
useful for distributing GPG keys or establishing installation trees for kickstart files.
Band widt h
Red Hat Sat ellit e 5.7 Proxy In st allat ion G uide
8