iptables and ldap

Joe Bielli jbielli at netsos.com
Tue Nov 5 10:47:08 EST 2002


I've said it before and I'll say it again.. gShield! Best iptables front
end firewall script available.
 
http://muse.linuxmafia.org


Joe

-----Original Message-----
From: owner-nflug at nflug.org [mailto:owner-nflug at nflug.org] On Behalf Of
Robert Meyer
Sent: Tuesday, November 05, 2002 10:34 AM
To: nflug at nflug.org
Subject: Re: iptables and ldap

I've been thinking about learning iptables but haven't had a reason to
get into them, yet.  I just started using 'shorewall' for handling
a firewall at a place that I've been consulting with.  It creates the
input, output and forwarding rules based on descriptions of what
services you want handled.  It seems to work pretty well and I had
a firewall working in about six hours (including the time it took
to figure out shorewall) and it's working well.  I actually spent a bit
more time afterwards to create a bunch of DNAT rules for the servers
after the thing was running.

As a result, I still don't have a reason to learn iptables which is
probably a failing on my part.  I suspect that if you give it a try,
you might like the capabilities.

Cheers!

Bob
--- Darin Perusich <darinper at cognigencorp.com> wrote:
> hello,
> 
> i'm setting up an iptables script and for some unknown reason i can't 
> get the ldap client rule working, yet my ldap server rule is working 
> fine. at this point i just want to get the rule working, i'll refine it
> further later.
> 
> here's the rule, default policy is DROP.
> 
> LAN_IP="172.16.0.85"
> LAN_INTERFACE="eth0"
> LOCAL_NETWORK="172.16.0.0/24"
> PRIVPORTS="0:1024"
> UNPRIVPORTS="1024:65535"
> 
> # LDAP Client
> # -----------
> iptables -A INPUT -i $LAN_INTERFACE -p tcp \
>  --source-port $UNPRIVPORTS \
>  --destination-port 389 -j ACCEPT
> 
> iptables -A OUTPUT -o $LAN_INTERFACE -p tcp \
>  --source-port 389 \
>  --destination-port $UNPRIVPORTS -j ACCEPT
> 
> # LDAP Server
> # -----------
> 
> iptables -A INPUT -i $LAN_INTERFACE -p tcp \
>          -s $LOCAL_NETWORK --source-port $UNPRIVPORTS \
>          -d $LAN_IP --destination-port ldap -j ACCEPT
> 
> iptables -A OUTPUT -o $LAN_INTERFACE -p tcp \
>          -s $LAN_IP --source-port ldap \
>          -d $LOCAL_NETWORK --destination-port $UNPRIVPORTS -j ACCEPT
> 
> -- 
> Darin Perusich
> Unix Systems Administrator
> Cognigen Corp.
> darinper at cognigencorp.com
> 
> 

=====
Bob Meyer
Knightwing Communications, Inc.
36 Cayuga Blvd
Depew, NY 14043
Phone: 716-308-8931 or 716-681-0076
Meyer_RM at Yahoo.com
