Linux Iptables Open LDAP Server TCP Ports 389 and 636

last updated in Categories , , , , , , ,

The default Iptables configuration under CentOS / Red Hat / RHEL / Fedora Linux does not allow inbound access to LDAP service. How do I update iptables settings to allow access to the LDAP primary TCP #389 and encrypted-only TCP # 636 ports, while keeping all other ports on the server in their default protected state?

Under CentOS / RHEL you need to update /etc/sysconfig/iptables files. Usually you need to restrict access to an appropriate network block and network mask, representing the client machines on your LAN or WAN which will connect to your LDAP server hosted on RHEL.

Configure Iptables to Allow Access to the LDAP Server

Edit /etc/sysconfig/iptables using the text editor:
# vi /etc/sysconfig/iptables
Add the following lines, before the final LOG and DROP lines to give access only from network:

-A RH-Firewall-1-INPUT -s -m state --state NEW -p tcp --dport 389 -j ACCEPT
-A RH-Firewall-1-INPUT -s -m state --state NEW -p tcp --dport 636 -j ACCEPT

Save and close the file. Reload iptables firewall rules and open ports # 389 and 636:
# service iptables reload

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

8 comment

  1. Lightweight Directory Access Protocol is an application protocol for querying and modifying directory services running over TCP/IP. It is used for Email application, web server, squid, central authentication and much more.

    1. I have an LDAP server running on RHEL 6. When I do an LDAP search within that server, it works. But, when I perform the same search from outside, I get “Can’t connect to LDAP Server”. I have disabled the Firewall. Both ips are on the same subnet. But the same set up works from SLES 11(LDAP Server). What is different on RHEL 6. Any ideas? Thanks.

  2. Hi sir
    I heard that linux server is good for proxy, I also read linux study guide but I don’t know how to config it. let me know squid 2.4 configuration step by step use in soho squid server . Pls mail me help me .

    Peter Zau Hkawng

  3. Hello everyone,
    i’m using PHP to edit iptables rules on centOs. In fact, i’ve configured the sudoers file do grant priviliges to my xampp user (nobody). But what make me loose my cool is that, whenever i try to edit iptables in php script, nothing happens. What else do I really need to do in order to make it go? I really need your help.

  4. i have an ldap server configured in rel5.4, i must login in windows7 using that ldap user please any body ?????????????????????

    Still, have a question? Get help on our forum!