Installation guide

Firewall Rules

RHN strongly recommends firewalling the RHN Proxy Server solution from the Internet.

However, various T CP ports must be opened on the Proxy, depending on your implementation

of RHN Proxy Server:

Table 2.1. Ports to open on the Proxy

Port Direct ion Reason

80 Outbound Proxy uses this port to reach

rhn.redhat.com, xmlrpc.rhn.redhat.com,

and your Satellite URL (depending on

whether RHN Proxy is talking to either

RHN Hosted or a Satellite Server).

80 Inbound Client requests come in via either http

or https

443 Inbound Client requests come in via either http

or https

443 Outbound Proxy uses this port to reach

rhn.redhat.com, xmlrpc.rhn.redhat.com,

and your Satellite URL (depending on

whether RHN Proxy is talking to either

RHN Hosted or a Satellite Server).

4545 Outbound If your Proxy is connected to an RHN

Satellite Server, Monitoring makes

connections to rhnmd running on client

systems via this TCP port, if Monitoring

is enabled and probes configured to

registered systems.

5222 Inbound Opening this port allows osad client

connections to the jabberd daemon

on the Proxy when using RHN Push

technology.

5269 Outbound If your Proxy is connected an RHN

Satellite Server, this port must be open

to allows server-to-server connections

via jabberd for RHN Push

Technology.

Synchronized Syst em T imes

There is great time sensitivity when connecting to a Web server running SSL (Secure Sockets

Layer); it is imperative the time settings on the clients and server are reasonably close together

so the that SSL certificate does not expire before or during use. It is recommended that Network

Time Protocol (NTP) be used to synchronize the clocks.

Fully Qualified Domain Name (FQDN)

The system upon which the RHN Proxy Server will be installed must resolve its own FQDN

properly.

Red Hat Network Satellite 5.3 Proxy Installation Guide