Linux Iptables Open LDAP Server TCP Ports 389 and 636

by on August 16, 2009 · 7 comments· LAST UPDATED August 16, 2009

in , ,

The default Iptables configuration under CentOS / Red Hat / RHEL / Fedora Linux does not allow inbound access to LDAP service. How do I update iptables settings to allow access to the LDAP primary TCP #389 and encrypted-only TCP # 636 ports, while keeping all other ports on the server in their default protected state?

Under CentOS / RHEL you need to update /etc/sysconfig/iptables files. Usually you need to restrict access to an appropriate network block and network mask, representing the client machines on your LAN or WAN which will connect to your LDAP server hosted on RHEL.

Configure Iptables to Allow Access to the LDAP Server

Edit /etc/sysconfig/iptables using the text editor:
# vi /etc/sysconfig/iptables
Add the following lines, before the final LOG and DROP lines to give access only from 192.168.1.0/24 network:

-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 389 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 636 -j ACCEPT

Save and close the file. Reload iptables firewall rules and open ports # 389 and 636:
# service iptables reload

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 7 comments… read them below or add one }

1 sunny August 16, 2009 at 12:04 pm

can you explain what is LDAP server and what is its use

Reply

2 nixCraft August 16, 2009 at 1:02 pm

Lightweight Directory Access Protocol is an application protocol for querying and modifying directory services running over TCP/IP. It is used for Email application, web server, squid, central authentication and much more.

Reply

3 Baskar February 1, 2011 at 1:36 am

I have an LDAP server running on RHEL 6. When I do an LDAP search within that server, it works. But, when I perform the same search from outside, I get “Can’t connect to LDAP Server”. I have disabled the Firewall. Both ips are on the same subnet. But the same set up works from SLES 11(LDAP Server). What is different on RHEL 6. Any ideas? Thanks.

Reply

4 Peter Zau hkawng August 20, 2009 at 5:34 am

Hi sir
I heard that linux server is good for proxy, I also read linux study guide but I don’t know how to config it. let me know squid 2.4 configuration step by step use in soho squid server . Pls mail me help me .

Thankz
Peter Zau Hkawng

Reply

5 peter April 14, 2011 at 12:27 pm

Hello everyone,
i’m using PHP to edit iptables rules on centOs. In fact, i’ve configured the sudoers file do grant priviliges to my xampp user (nobody). But what make me loose my cool is that, whenever i try to edit iptables in php script, nothing happens. What else do I really need to do in order to make it go? I really need your help.

Reply

6 kaliya singh May 20, 2011 at 7:33 am

how to install ldap server in linux rhel5?????

Reply

7 paramesh August 11, 2012 at 6:18 pm

i have an ldap server configured in rel5.4, i must login in windows7 using that ldap user please any body ?????????????????????

Reply

Leave a Comment

Tagged as: , , , , , , , , , , , , ,

Previous Faq:

Next Faq: