> -----Original Message-----
> From: Rick Stevens [mailto:ricks@xxxxxxxx]
> Sent: Friday, May 09, 2008 9:54 AM
> To: Getting started with Red Hat Linux
> Subject: Re: Help an IPTABLES neophyte please
<snip>
>
> You didn't say which NICs are on the external and which are on the
> internal (and I see 3 NICs in your ruleset). However, assuming eth0 is
> the external and eth1 and eth2 are the internal, then
>
> # Permit incoming and outgoing LDAP:// traffic on eth0...
> iptables -A INPUT -i eth0 -s 0/0 -p tcp --dport 389 -m state --state \
>     ESTABLISHED,RELATED -j ACCEPT
> iptables -A OUTPUT -o eth0 -s 0/0 -p tcp --sport 389 -m state --state \
>     NEW -j ACCEPT
> # Permit incoming and outgoing LDAPS:// traffic on eth0...
> iptables -A INPUT -i eth1 -s 0/0 -p tcp --sport 636 -m state --state \
>     ESTABLISHED,RELATED -j ACCEPT
> iptables -A OUTPUT -o eth0 -s 0/0 -p tcp --sport 636 -m state --state \
>     NEW -j ACCEPT
>
> Should be a good basis to start with.
> ----------------------------------------------------------------------
> - Rick Stevens, Systems Engineer                      rps2@xxxxxxxx -
> - Hosting Consulting, Inc.                                            -
> -                                                                     -
> -          Blech! ACKth! Ooop!  -- Bill the Cat (Outland)             -
> ----------------------------------------------------------------------

Okay, I finally got that working.

# Allow outbound LDAP
## Permit incoming and outgoing LDAP:// traffic on eth0...
iptables -A INPUT -i eth0 -s 0/0 -p tcp --sport 389 --dport 1024:65535 \
    -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o eth0 -s 0/0 -p tcp --sport 1024:65535 --dport 389 \
    -m state --state NEW,ESTABLISHED -j ACCEPT

There was no talking on 636, so I was going to leave that closed off
unless there is a good reason to open it.

Next step, forwarding LDAP requests over eth1 or eth2 going out eth0.
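Added example, not from the thread: a small Python check that flags stateful rules whose port direction does not match their chain and state for a host that is the LDAP client. Run over the two rule pairs above, it reports why the first suggested pair never matched (INPUT with --dport 389 / OUTPUT NEW with --sport 389) while the corrected pair passes; it assumes each rule is one line of space-separated options, continuation backslashes already joined.

```python
"""Orientation check for stateful iptables rules on an LDAP *client* host.

A client sends the first packet out via OUTPUT with --dport <port> (state NEW)
and receives replies via INPUT with --sport <port> (state ESTABLISHED).  Rules
with the ports swapped describe the server side and never match client traffic.
"""
import shlex

LDAP_PORT = "389"  # port used on the list thread; 636 for LDAPS


def parse_rule(line):
    """Turn 'iptables -A INPUT -i eth0 ... -j ACCEPT' into {option: value}."""
    toks = shlex.split(line)
    opts = {}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t.startswith("-") and i + 1 < len(toks) and not toks[i + 1].startswith("-"):
            opts[t] = toks[i + 1]
            i += 2
        else:
            i += 1  # command name or a flag without a value
    return opts


def check_client_rule(line, port=LDAP_PORT):
    """Return (ok, reason) for one rule on a host that initiates LDAP connections."""
    o = parse_rule(line)
    chain = o.get("-A")
    states = set(o.get("--state", "").split(","))
    if chain == "OUTPUT":
        if o.get("--dport") != port:
            return False, "OUTPUT must match --dport %s (client connects to the server port)" % port
        if "NEW" not in states:
            return False, "OUTPUT must allow NEW (the client opens the connection)"
    elif chain == "INPUT":
        if o.get("--sport") != port:
            return False, "INPUT must match --sport %s (replies come from the server port)" % port
        if "NEW" in states:
            return False, "INPUT should not allow NEW; replies are ESTABLISHED"
        if "ESTABLISHED" not in states:
            return False, "INPUT must allow ESTABLISHED"
    else:
        return False, "unexpected chain %r" % chain
    return True, "ok"


def check_ruleset(lines, port=LDAP_PORT):
    """Check every rule; returns a list of (line, ok, reason)."""
    return [(ln,) + check_client_rule(ln, port) for ln in lines if ln.strip()]
```
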
_______________________________________________
Redhat-install-list mailing list
https://www.redhat.com/mailman/listinfo/redhat-install-list