iptables and ldap
Darin Perusich
darinper at cognigencorp.com
Tue Nov 5 11:37:52 EST 2002
Figured it out, I wasn't thinking backwards. When you're the client, the
OUTPUT is what you're sending to the server and the INPUT is what the
server gives you in return.
Darin Perusich wrote:
> Hello,
>
> I'm setting up an iptables script and for some unknown reason I can't
> get the LDAP client rule working, yet my LDAP server rule is working
> fine. At this point I just want to get the rule working, I'll refine it
> further later.
>
> here's the rule, default policy is DROP.
>
> LAN_IP="172.16.0.85"
> LAN_INTERFACE="eth0"
> LOCAL_NETWORK="172.16.0.0/24"
> PRIVPORTS="0:1024"
> UNPRIVPORTS="1024:65535"
>
> # LDAP Client
> # -----------
> iptables -A INPUT -i $LAN_INTERFACE -p tcp \
> --source-port $UNPRIVPORTS \
> --destination-port 389 -j ACCEPT
>
> iptables -A OUTPUT -o $LAN_INTERFACE -p tcp \
> --source-port 389 \
> --destination-port $UNPRIVPORTS -j ACCEPT
>
> # LDAP Server
> # -----------
>
> iptables -A INPUT -i $LAN_INTERFACE -p tcp \
> -s $LOCAL_NETWORK --source-port $UNPRIVPORTS \
> -d $LAN_IP --destination-port ldap -j ACCEPT
>
> iptables -A OUTPUT -o $LAN_INTERFACE -p tcp \
> -s $LAN_IP --source-port ldap \
> -d $LOCAL_NETWORK --destination-port $UNPRIVPORTS -j ACCEPT
>
--
Darin Perusich
Unix Systems Administrator
Cognigen Corp.
darinper at cognigencorp.com
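The corrected client rules that follow from the realization above, as an added example rather than the poster's own script: OUTPUT carries the client's unprivileged source port toward port 389, INPUT carries the replies back. It goes one step beyond the original by pinning the rules to the LDAP server's address and adding a connection-state match, so INPUT only accepts replies to connections the client opened instead of any packet that merely claims source port 389. LDAP_SERVER and the echo-based dry run are assumptions; the interface, port range and DROP default policy come from the original post.

```shell
#!/bin/sh
# Added example: LDAP client rules with the port direction corrected.
# LDAP_SERVER is an assumed address (not in the original post).
LAN_INTERFACE="${LAN_INTERFACE:-eth0}"
LDAP_SERVER="${LDAP_SERVER:-172.16.0.1}"
UNPRIVPORTS="1024:65535"
# Dry run by default: print the commands instead of loading them.
# Run with IPT=iptables to apply them for real (needs root).
IPT="${IPT:-echo iptables}"

ldap_client_rules() {
    # Outgoing: the client's unprivileged source port talks to port 389
    # on the LDAP server. NEW lets the connection be opened.
    $IPT -A OUTPUT -o "$LAN_INTERFACE" -p tcp \
        -d "$LDAP_SERVER" --sport "$UNPRIVPORTS" --dport 389 \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    # Incoming: only packets that belong to a connection this client
    # already opened. A bare "--sport 389" match would accept anything
    # sent from port 389 to an unprivileged port; ESTABLISHED closes that.
    $IPT -A INPUT -i "$LAN_INTERFACE" -p tcp \
        -s "$LDAP_SERVER" --sport 389 --dport "$UNPRIVPORTS" \
        -m state --state ESTABLISHED -j ACCEPT
}

ldap_client_rules
```

With a DROP default policy, both rules are needed: the OUTPUT rule alone lets the request leave, and the INPUT rule is what lets the server's answer back in.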