[CentOS] LDAP/iptables

Sun Sep 4 15:15:30 UTC 2005
Johnny Hughes <mailing-lists at hughesjr.com>

On Sun, 2005-09-04 at 09:10 -0400, Thomas E Dukes wrote:
> Hello,
> 
> I am trying to get LDAP running.  So far, the server is running but I cannot
> connect to port 389 or the server using webmin or phpldapadmin.  It could be
> my ISP has blocked this port but I'm not sure.  I have tried to telnet to
> port 389 but it is refused.  All other services run fine.
> 
> I use the iptables ruleset found in the IP-Masquerade HowTo.  Below is the
> ruleset I follow for opening ports for external access.  For some reason it
> won't open 389.
> 
> $IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED \
>  -p tcp -s $UNIVERSE -d $EXTIP --dport 389 -j ACCEPT
> 
> Where $EXTIF = eth0 and $EXTIP = my ipaddress
> 
> Does anyone know what I may be doing wrong?
> 
> TIA
> 
> 

If you are trying to connect from the outside from another PC ... and if
the firewall and ldap are installed on the same PC, that should work to
allow connection to port 389.

If you are trying to connect directly to port 389 from an internal IP,
that probably won't work. (you will need to do something in the PREROUTING
chain to get the packets routed to the EXTIF)

BUT ... you shouldn't need to do either of those if you are also running
webmin or phpmyadmin also on that machine ... if you listen on the
internal IP at port 389 and not the external IP.

Does netstat -aptn show you listening on the internal, external, or
loopback IP on port 389 (or more than one of them)?
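
The netstat check suggested above, worked through as an added example (this is not code from the thread): a small POSIX sh script that parses `netstat -aptn`-style output, lists every socket listening on a given port, classifies the bound address as loopback, private/internal, wildcard or external, and reports whether the port is bound in a way an outside client could ever reach. The netstat sample, the 192.168.1.10 address and the slapd/sshd process names are constructed for the example; in practice you would pipe real `netstat -aptn` output into the functions instead.

```shell
#!/bin/sh
# Constructed sample of `netstat -aptn` output (not taken from the thread).
# slapd is bound to loopback and a private address only; sshd is on 0.0.0.0.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:389           0.0.0.0:*               LISTEN      1234/slapd
tcp        0      0 192.168.1.10:389        0.0.0.0:*               LISTEN      1234/slapd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      900/sshd
tcp        0      0 192.168.1.10:22         192.168.1.5:51234       ESTABLISHED 901/sshd'

# classify_addr ADDR -> loopback | any | internal | external
# "internal" follows RFC 1918 ranges; anything else that is not loopback or
# the 0.0.0.0 wildcard is treated as an external (public) address.
classify_addr() {
  case "$1" in
    127.*) echo loopback ;;
    0.0.0.0) echo any ;;
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo internal ;;
    *) echo external ;;
  esac
}

# listeners_on PORT  (reads netstat output on stdin)
# Prints "<address> <class>" for every tcp socket in LISTEN state on PORT.
listeners_on() {
  awk -v port="$1" '
    $1 == "tcp" && $6 == "LISTEN" {
      addr = $4; p = $4
      sub(/.*:/, "", p)          # keep only the port after the last colon
      sub(/:[0-9]+$/, "", addr)  # strip ":port" to get the bound address
      if (p == port) print addr
    }' |
  while read -r addr; do
    echo "$addr $(classify_addr "$addr")"
  done
}

# reachable_externally PORT  (reads netstat output on stdin)
# Exit 0 if some listener on PORT is bound to 0.0.0.0 or a public address,
# i.e. the daemon itself is not the reason an outside connect is refused.
reachable_externally() {
  listeners_on "$1" | awk '$2 == "any" || $2 == "external" { found = 1 }
                           END { exit found ? 0 : 1 }'
}

# Stand-alone run over the constructed sample.
echo "Listeners on 389:"
printf '%s\n' "$SAMPLE_NETSTAT" | listeners_on 389
if printf '%s\n' "$SAMPLE_NETSTAT" | reachable_externally 389; then
  echo "389 is bound where external clients could reach it; check the firewall next"
else
  echo "389 is bound only to loopback/internal addresses; no firewall rule will help"
fi
```

With the sample data the script reports that 389 is bound only to 127.0.0.1 and 192.168.1.10, which is exactly the case the reply describes: opening 389 on $EXTIF is pointless until slapd also listens on the external address (or on 0.0.0.0). Run it against real output with `netstat -aptn | listeners_on 389` after sourcing the file.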

