Spacewalk Firewall Ports

Here below is the list of services along with the ports that needs to be accommodated on the respective FW to allow the communication 

Services and ports on spacewalk

69: TFTP (PXE provisioning)

80: Spacewalk Web interface

443: Spacewalk Web interface (SSL)

4545: Spacewalk monitoring

5222: If you plan to push actions to client systems

5269: If you push actions to a Spacewalk proxy server

9055: Oracle XE Web access

 

My Org uses only these following services:

80: Spacewalk Web interface

443: Spacewalk Web interface (SSL)

4545: Spacewalk monitoring

5222: If you plan to push actions to client systems

 

the individual conversation is explained on the Red Hat website 

What TCP ports are required to be open on a Red Hat Satellite, Proxy and/or Client system?

https://access.redhat.com/solutions/10818 

Environment

  • Red Hat Satellite 5
  • Red Hat Satellite Proxy 5
  • Red Hat Enterprise Linux

Issue

  • What TCP and/or UDP ports are required to be open on an Red Hat Satellite, Proxy and/or Client system?

Resolution

(note: except otherwise indicated TCP traffic is implied.)

For Red Hat Satellite 5:

Unless the Satellite server is in disconnected mode, it needs to initiate outbound connections on ports 80 and 443 to the Red Hat Network (RHN) Classic service ( rhn.redhat.comxmlrpc.rhn.redhat.com, and satellite.rhn.redhat.com ). Access to these hosts and ports should not be restricted to ensure correct functioning of the satellite system. If required, an HTTP(S) proxy may be used, by passing the "--http-proxy" option to the "satellite-sync" command.

Similarly, the Satellite server needs to allow inbound connections on ports 80 and 443 from client systems and any Proxy servers connected to the Satellite, as well as any system that needs to access the Satellite Web UI. WebUI and client requests come in via either http or https.

Port 67 needs to allow inbound TCP/UDP connections to configure the Satellite as a DHCP server for systems requesting IP addresses.

Port 69 needs to allow inbound TCP/UDP connections to configure the Satellite as a PXE server and allow installation and re-installation of PXE-boot enabled systems.

If using Satellite version 5.6 or above with External or Managed PostgreSQL Database, the Satellite server needs to allow both inbound and outbound connections on port 5432 to communicate with the Postgres database server.

If using the Monitoring functionality, the Satellite needs outbound connections to individual monitoring-enabled client systems on port 4545. Satellite Monitoring makes connections to rhnmd running on client systems on this port if Monitoring is enabled and probes are configured for registered systems.

If using the Push functionality, the Satellite needs both outbound and inbound connections on port 5269 to and from each registered Proxy server with Push functionality enabled. This is used for two-way communications between "jabberd" service on Satellite and Proxy, respectively. In addition, it needs to allow inbound connections on port 5222 from client systems directly registered to the Satellite. This is used for one-way (client to server) communications between "osad" service on client systems and "jabberd" service on the Satellite.

For Red Hat Satellite Proxy 5:

The Proxy server needs outbound connections on ports 80 and 443 to the upstream parent system, which can be either RHN Classic or an internal Satellite server, and it needs inbound connections on ports 80 and 443 from the Client requests coming in via either http or https.

Similar to Satellite, if using the Monitoring functionality, the Proxy needs outbound connections on port 4545 to Monitoring-enabled client systems.

If using the Push functionality, the Proxy needs both outbound and inbound connections on port 5269 to and from the upstream Satellite. This is used for two-way communications between "jabberd" service on Satellite and Proxy, respectively. In addition, it needs to allow inbound connections on port 5222 from client systems registered to the Proxy. This is used for one-way (client to server) communications between "osad" service on client systems and "jabberd" service on the Proxy.

For Client Systems:

Client systems will initiate outbound connections on ports 80 and 443 to their upstream server, which can be Red Hat Satellite, Proxy or RHN Classic.

If using the Monitoring functionality, Monitoring-enabled client systems needs to allow inbound connections on port 4545 from the upstream server (Satellite or Proxy).

If using the Push functionality, the client system needs outbound connections on port 5222 to the upstream server (Satellite or Proxy). This is used for one-way (client to server) communications between "osad" service on client systems and "jabberd" service on the server.

Comments

Details can be found in the 'Additional Requirements' section under the Red Hat Satellite Installation Guide ; all documentation is available at https://access.redhat.com/site/documentation/

Also see this solution: "How do I access RHN (yum/up2date/satellite-sync) through a firewall?"