The default Iptables configuration under CentOS / Red Hat / RHEL / Fedora Linux does not allow inbound access to LDAP service. How do I update iptables settings to allow access to the LDAP primary TCP #389 and encrypted-only TCP # 636 ports, while keeping all other ports on the server in their default protected state?
Under CentOS / RHEL you need to update /etc/sysconfig/iptables files. Usually you need to restrict access to an appropriate network block and network mask, representing the client machines on your LAN or WAN which will connect to your LDAP server hosted on RHEL.
Configure Iptables to Allow Access to the LDAP Server
Edit /etc/sysconfig/iptables using the text editor:
# vi /etc/sysconfig/iptables
Add the following lines, before the final LOG and DROP lines to give access only from 192.168.1.0/24 network:
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 389 -j ACCEPT -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 636 -j ACCEPT
Save and close the file. Reload iptables firewall rules and open ports # 389 and 636:
# service iptables reload
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- My 10 UNIX Command Line Mistakes
- Linux: 20 Iptables Examples For New SysAdmins
- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- 10 Greatest Open Source Software Of 2009
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
Facebook it - Tweet it - Print it -
{ 6 comments… read them below or add one }
can you explain what is LDAP server and what is its use
Lightweight Directory Access Protocol is an application protocol for querying and modifying directory services running over TCP/IP. It is used for Email application, web server, squid, central authentication and much more.
I have an LDAP server running on RHEL 6. When I do an LDAP search within that server, it works. But, when I perform the same search from outside, I get “Can’t connect to LDAP Server”. I have disabled the Firewall. Both ips are on the same subnet. But the same set up works from SLES 11(LDAP Server). What is different on RHEL 6. Any ideas? Thanks.
Hi sir
I heard that linux server is good for proxy, I also read linux study guide but I don’t know how to config it. let me know squid 2.4 configuration step by step use in soho squid server . Pls mail me help me .
Thankz
Peter Zau Hkawng
Hello everyone,
i’m using PHP to edit iptables rules on centOs. In fact, i’ve configured the sudoers file do grant priviliges to my xampp user (nobody). But what make me loose my cool is that, whenever i try to edit iptables in php script, nothing happens. What else do I really need to do in order to make it go? I really need your help.
how to install ldap server in linux rhel5?????