
Configuring iptables (Opening LDAP Ports)

Written by Maryanne Normann

Updated at July 27th, 2024


Date: 11-04-2022

Some Linux distributions ship with a host firewall whose rules are managed with iptables. The default rule set is often restrictive and blocks LDAP/LDAPS traffic on the standard ports, TCP 389 (LDAP, including StartTLS) and TCP 636 (LDAPS). The following is an example of how to update the iptables rules so that LDAP/LDAPS clients can reach the server:

Note for Red Hat users: rules loaded with iptables-restore are only held in the running kernel and are lost at the next reboot or restart of the iptables service. The persistent configuration is stored in /etc/sysconfig/iptables, and that is the file you have to update (or write the running rules to it with "service iptables save" on systems that provide the iptables service), otherwise the change will not be kept.

Export the current iptables rules and create a backup of the rules:

sudo iptables-save > iptables.rules
cp iptables.rules iptables.rules.bak

Open the iptables.rules file in a text editor and add the following lines to the INPUT chain of the *filter table. Place them above the final catch-all REJECT (or DROP) rule: iptables evaluates rules in order and stops at the first match, so an ACCEPT placed after the catch-all is never reached. If only a known client network needs directory access, add a source restriction (the -s option with that network) to each rule instead of accepting connections from any address; and since port 389 carries cleartext unless clients negotiate StartTLS, consider opening only 636 where LDAPS is enforced.

#-------------- Start OpenLDAP config------------>
-A INPUT -p tcp -m tcp --dport 389 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 636 -j ACCEPT
#-------------- End OpenLDAP config--------------<

The resulting file should look something like this:

# Generated by iptables-save v1.4.7 on Fri Nov 27 04:54:38 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [192:19802]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
#-------------- Start OpenLDAP config------------>
-A INPUT -p tcp -m tcp --dport 389 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 636 -j ACCEPT
#-------------- End OpenLDAP config--------------<
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Nov 27 04:54:38 2015

Apply the new rules to the running kernel (keep your current SSH session open while you do this; as long as the RELATED,ESTABLISHED rule is still in place, that session survives a mistaken rule set and gives you a way to run the restore below):

sudo iptables-restore < iptables.rules

Test client access to the LDAP server from a client host using a utility such as ldapwhoami or ldapsearch, against both ports (an ldap:// URI for 389 and an ldaps:// URI for 636 with the -H option). If there are any issues with the new rules, restore the original rules using the following:

sudo iptables-restore < iptables.rules.bak
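The steps above say which two lines to add but leave it to the reader to put them in the right place in the dump. The script below is an added example for this article, not code from Symas or from the OpenLDAP project: it edits an iptables-save dump the way the procedure describes, inserting the LDAP/LDAPS ACCEPT rules once, in the *filter INPUT chain only, just above the catch-all REJECT/DROP (or above that table's COMMIT when the chain relies on its policy instead), with an optional source-network restriction. A second function checks a dump for the ordering mistake that makes the new rules unreachable. The function names add_ldap_rules and check_dump, the SAMPLE_RULES dump (constructed to match the file shown above), and the client networks 10.0.0.0/8 and 192.0.2.0/24 are all this example's own assumptions.

```shell
#!/bin/bash
# Added example for this article (not Symas or OpenLDAP code): place the LDAP/LDAPS
# ACCEPT rules in an iptables-save dump ahead of the INPUT catch-all, optionally
# limited to one client network, and verify the result before loading it.
# Real-world use:
#   sudo iptables-save > iptables.rules
#   add_ldap_rules 10.0.0.0/8 < iptables.rules > iptables.new   # omit the CIDR to allow any source
#   check_dump < iptables.new && sudo iptables-restore < iptables.new
set -eu

# Constructed sample dump, modelled on the file shown in the article.
SAMPLE_RULES='# Generated by iptables-save v1.4.7 (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [192:19802]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed'

# add_ldap_rules [CLIENT_CIDR]: reads a dump on stdin, writes the edited dump on stdout.
# The rules are inserted exactly once and only in the *filter table: just above the
# first "-A INPUT -j REJECT|DROP" catch-all, or, if there is none, just above COMMIT.
add_ldap_rules() {
    local src=""
    if [ -n "${1:-}" ]; then src="-s $1 "; fi
    awk -v src="$src" '
        function emit_ldap() {
            print "#-------------- Start OpenLDAP config------------>"
            print "-A INPUT " src "-p tcp -m tcp --dport 389 -j ACCEPT"
            print "-A INPUT " src "-p tcp -m tcp --dport 636 -j ACCEPT"
            print "#-------------- End OpenLDAP config--------------<"
            inserted = 1
        }
        /^\*/ { table = $0 }                 # table header: "*filter", "*nat", ...
        !inserted && table == "*filter" && $1 == "-A" && $2 == "INPUT" &&
            $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { emit_ldap() }
        !inserted && table == "*filter" && $1 == "COMMIT" { emit_ldap() }
        { print }
    '
}

# check_dump: exit 0 when the dump on stdin accepts TCP 389 and 636 in the *filter
# INPUT chain ahead of any catch-all REJECT/DROP; exit 1 if either rule is missing
# or sits below the catch-all, where it would never be evaluated.
check_dump() {
    awk '
        /^\*/ { table = $0 }
        table == "*filter" && $1 == "-A" && $2 == "INPUT" {
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) blocked = 1
            if (!blocked && /--dport 389 -j ACCEPT/) ok389 = 1
            if (!blocked && /--dport 636 -j ACCEPT/) ok636 = 1
        }
        END { if (ok389 && ok636) exit 0; exit 1 }
    '
}

# Demo on the constructed sample: allow directory access from 10.0.0.0/8 only.
new_rules=$(printf '%s\n' "$SAMPLE_RULES" | add_ldap_rules 10.0.0.0/8)
printf '%s\n' "$new_rules"
if printf '%s\n' "$new_rules" | check_dump; then
    echo "OK: LDAP/LDAPS rules precede the INPUT catch-all"
else
    echo "WRONG ORDER: the LDAP rules would never be reached" >&2
fi
```

Run check_dump against /etc/sysconfig/iptables (or whatever file your distribution persists) as well as against the file you feed to iptables-restore, so that the ordering is right in both the running and the saved rule set.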

See Also

  • iptables(8) Man Page
  • ldapwhoami(1) Man Page
Copyright © 2020-2024 Symas Corporation. All rights reserved.