What URLs to allow in firewall for suse_register and zypper



jdoeconsulting
21-Nov-2012, 13:47
I'm working in an environment that only allows outgoing Internet access
through their ISA proxy server.
Unfortunately they do not allow basic authentication to the ISA, only NTLM.

I haven't been able to get the YaST proxy to work with the ISA (perhaps
someone has a solution to this) and therefore they decided to allow
outgoing Internet access from the SLES servers to only the needed domains;
secure.novell.com
nu.novell.com
download.opensuse.org

However this doesn't seem to be sufficient as it's not possible to register
new machines with NCC. Looking at a packet trace it seems it also
needs to access an Akamai solution. Does someone know what exact
servers are used for the Akamai solution?

I'm also aware there is the SMT; once the install grows beyond today's 3
servers I'm planning to set this up in the environment.

Thx

malcolmlewis
22-Nov-2012, 16:50
On Wed 21 Nov 2012 12:54:01 PM CST, jdoeconsulting wrote:

> I'm working in an environment that only allows outgoing Internet access
> through their ISA proxy server.
> Unfortunately they do not allow basic authentication to the ISA, only
> NTLM.
>
> I haven't been able to get the YaST proxy to work with the ISA (perhaps
> someone has a solution to this) and therefore they decided to allow
> outgoing Internet access from the SLES servers to only the needed
> domains;
> secure.novell.com
> nu.novell.com
> download.opensuse.org
>
> However this doesn't seem to be sufficient as it's not possible to
> register new machines with NCC. Looking at a packet trace it seems it
> also needs to access an Akamai solution. Does someone know what exact
> servers are used for the Akamai solution?
>
> I'm also aware there is the SMT; once the install grows beyond today's
> 3 servers I'm planning to set this up in the environment.
>
> Thx

Hi
You need to populate the proxy settings in YaST and add two lines
with your proxy information to /etc/profile, for example:

export http_proxy="http://10.10.1.1:8081/"
export https_proxy="https://10.10.1.1:8081/"

As well as the /root/.curlrc

--
Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 12.2 (x86_64) Kernel 3.4.11-2.16-desktop
up 4 days 16:11, 3 users, load average: 0.31, 0.26, 0.19
CPU Intel i5 CPU M520@2.40GHz | Intel Arrandale GPU

jdoeconsulting
23-Nov-2012, 13:42
Thx, I'll try that out. Any ideas as to my other question?

malcolmlewis
26-Nov-2012, 17:38
On Fri 23 Nov 2012 12:44:02 PM CST, jdoeconsulting wrote:

> Thx, I'll try that out. Any ideas as to my other question?

Hi
I asked my SUSE contacts and the use of the Akamai caching technology
shouldn't affect your proxy issue.

--
Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 12.2 (x86_64) Kernel 3.4.11-2.16-desktop
up 2 days 16:49, 5 users, load average: 0.04, 0.05, 0.09
CPU Intel i5 CPU M520@2.40GHz | Intel Arrandale GPU

jdoeconsulting
28-Nov-2012, 10:48
Thanks Malcolm,

I understand that. My question, however, was that as we cannot get the proxy to work
(we get a 502 error), I need to specify which servers the SLES boxes need to talk
to for suse_register and patching to work. As Novell/SUSE is using Akamai, is
there a possibility to get a list of which servers are part of that?
The FW team only allows Internet access through either the proxy or to a list of
trusted domains.
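
The packet-trace check discussed in this thread can be scripted. The following is an added example, not part of any post above: it reads DNS lines from `tcpdump` text output and marks each looked-up name, and each CNAME target in the matching answer, against the three allowed hosts from the first post. The function names, the capture lines, `updates.example.net`, `edge-1.cdn.example.net` and all addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: hosts the firewall already allows (taken from the first post).
ALLOWED="secure.novell.com nu.novell.com download.opensuse.org"

# Reads `tcpdump -n port 53` text on stdin and prints, in capture order:
#   QUERY <name> <allowed|unlisted>           once per name the host looked up
#   CNAME <name> <target> <allowed|unlisted>  once per alias in the matching answer
dns_report() {
    awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    function clean(s) { s = tolower(s); sub(/[.,]+$/, "", s); return s }
    function mark(h) { return (h in ok) ? "allowed" : "unlisted" }
    {
        id = $6; sub(/[^0-9].*$/, "", id)          # transaction id without flag chars
        if ($7 == "A?" || $7 == "AAAA?") {          # query: client -> resolver
            name = clean($8); asked[$3 "/" id] = name
            if (!(name in seen)) { seen[name] = 1; print "QUERY", name, mark(name) }
        } else {                                    # answer: resolver -> client
            dst = $5; sub(/:$/, "", dst)
            key = dst "/" id
            if (!(key in asked)) next               # answer to a query we never saw
            name = asked[key]
            for (i = 8; i < NF; i++) if ($i == "CNAME") {
                t = clean($(i + 1))
                if (!((name, t) in alias)) { alias[name, t] = 1; print "CNAME", name, t, mark(t) }
            }
        }
    }'
}

# Constructed sample capture (placeholder names and documentation-range addresses).
sample_capture() {
cat <<'EOF'
13:47:01.100000 IP 10.10.1.20.41234 > 10.10.1.2.53: 4660+ A? secure.novell.com. (35)
13:47:01.120000 IP 10.10.1.2.53 > 10.10.1.20.41234: 4660 2/0/0 CNAME edge-1.cdn.example.net., A 192.0.2.10 (92)
13:47:02.300000 IP 10.10.1.20.41235 > 10.10.1.2.53: 4661+ A? nu.novell.com. (31)
13:47:02.310000 IP 10.10.1.2.53 > 10.10.1.20.41235: 4661 1/0/0 A 192.0.2.20 (47)
13:47:03.500000 IP 10.10.1.20.41236 > 10.10.1.2.53: 4662+ A? updates.example.net. (37)
13:47:03.520000 IP 10.10.1.2.53 > 10.10.1.20.41236: 4662 1/0/0 A 192.0.2.30 (53)
EOF
}

sample_capture | dns_report
```

Feeding the function the text output of `tcpdump -n port 53`, captured on the SLES host while `suse_register` or `zypper` runs, produces the same report for real traffic.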