Linux Iptables Open LDAP Server TCP Ports 389 and 636

The default Iptables configuration under CentOS / Red Hat / RHEL / Fedora Linux does not allow inbound access to LDAP service. How do I update iptables settings to allow access to the LDAP primary TCP #389 and encrypted-only TCP # 636 ports, while keeping all other ports on the server in their default protected state?

Under CentOS / RHEL you need to update /etc/sysconfig/iptables files. Usually you need to restrict access to an appropriate network block and network mask, representing the client machines on your LAN or WAN which will connect to your LDAP server hosted on RHEL.

Configure Iptables to Allow Access to the LDAP Server

Edit /etc/sysconfig/iptables using the text editor:
# vi /etc/sysconfig/iptables
Add the following lines, before the final LOG and DROP lines to give access only from 192.168.1.0/24 network:

-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 389 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 636 -j ACCEPT

-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state –state NEW -p tcp –dport 389 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state –state NEW -p tcp –dport 636 -j ACCEPT

Save and close the file. Reload iptables firewall rules and open ports # 389 and 636:
# service iptables reload

Posted by: SXI ADMIN