How to Configure Iptables Firewall for 389 Directory Server on CentOS 6.2

In this post i will show the ports that need to be by passed in iptables firewall in order to make 389 Directory server accessible and working perfectly. Before the Windows Console (installed 389 Console.msi) from client’ PC connecting to 389 administration server, there are 3 important ports has to opened from iptables firewall. This will allow linux administrator or LDAP administrator to perform LDAP server search query or linux administration’s task. There are three(3) ports that are normally should be opened on 389 Directory Server.

READ  How to Configure Squid Proxy for LDAP Authentication on CentOS 6.2 using squid_ldap_auth

a) Port 389 (ldap)
b) Port 636 (ldaps – only if using TLS/SSL)
c) Admin server port (9830 by default)

Run netstat command to see opened port :

[root@centos62 ~]# netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0        *                   LISTEN      1105/sshd
tcp        0      0    *                   LISTEN      1140/postmaster
tcp        0      0      *                   LISTEN      1415/httpd.worker
tcp        0      0 :::22                       :::*                        LISTEN      1105/sshd
tcp        0      0 ::1:5432                    :::*                        LISTEN      1140/postmaster
tcp        0      0 :::389                      :::*                        LISTEN      1792/ns-slapd

Open the iptables firewall configuration file then enable port 389, 636 and 9830 go through iptables firewall :

[root@centos62 ~]# vi /etc/sysconfig/iptables

Add these three(3) lines:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9830 -j ACCEPT

Then restart the iptables firewall :

[root@centos62 ~]# service iptables restart

Leave a Reply

Your email address will not be published. Required fields are marked *