'Failed to open TCP connection' error on Red Hat Satellite 6.x server using a proxy, in Subscriptions page or when enabling a Red Hat repository

Environment

• Red Hat Satellite 6
• Red Hat Enterprise Linux 8
• Red Hat Enterprise Linux 9

Issue

The following error:

Failed to open TCP connection to <PROXY_IP>:<PROXY_PORT> (Permission denied - connect(2) for "XX.XXX.XXX.XXX" port XXXX)

is reported when HTTP Proxy is configured on Red Hat Satellite 6.x server:

• On the Subscriptions page.
• On the Red Hat Repositories page when trying to enable a Red Hat repository.

Resolution

• Make sure that URLs given in this article are whitelisted in the proxy server.

• On the Satellite server, run the below command as the root user to add the port used by the HTTP Proxy to SELinux policy configuration.

  # semanage port -a -t http_cache_port_t -p tcp <PROXY_PORT>
  

  • Replace PROXY_PORT with an actual port number used by the HTTP Proxy.

For more KB articles/solutions related to Red Hat Satellite 6.x Repository Issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Repository Issues.

Root Cause

• HTTP Proxy is using an odd port that is not added to the SELinux policy configuration by default.

Diagnostic Steps

• Run the below command on the Red Hat Satellite server to list the ports SELinux allows for a proxy connection to be made.

  # semanage port -l |grep http_cache_port_t
  http_cache_port_t             tcp     8080, 8118, 8123, 10001-10010
  http_cache_port_t             udp     3130
  

  • The port used by the HTTP Proxy won't be listed in the output generated by the above command.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.