# Iptables and LDAP
## LoneWolf071 (Nov 10, 2004)

We're trying to determine why our LDAP client will not connect with our LDAP server when we have IPTables enabled on the client. I have made sure that all the needed ports for LDAP are open, and all the correct protocols have been used. I've logged all the activity and can see no entries that indicate that any other ports are being blocked, but I still cannot access the LDAP server. Anyone know why?


```
*filter
:INPUT DROP [66:4755]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3101:411918]


-A INPUT -p tcp --dport 1:21 -j LOG
-A INPUT -p udp --dport 1:21 -j LOG
-A INPUT -p tcp --dport 23:65535 -j LOG
-A INPUT -p udp --dport 23:65535 -j LOG
-I INPUT 1 -i lo -j ACCEPT

-A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

-A INPUT  -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -p tcp --sport 1:65535 --dport 636
-A INPUT  -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -p tcp --sport 1:65535 --dport 697
-A INPUT  -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -p tcp --sport 1:65535 --dport 389
-A INPUT  -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -p tcp --sport 1:65535 --dport 135:139
-A INPUT  -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -p tcp --sport 1:65535 --dport 2049
-A INPUT  -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -p tcp --sport 1:65535 --dport 53
-A INPUT  -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -p tcp --sport 1:65535 --dport 67:68
-A INPUT  -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -p tcp --sport 1:65535 --dport 111


-A INPUT  -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -p udp --sport 1:65535 --dport 636
-A INPUT  -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -p udp --sport 1:65535 --dport 697
-A INPUT  -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -p udp --sport 1:65535 --dport 389
-A INPUT  -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -p udp --sport 1:65535 --dport 135:139
-A INPUT  -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -p udp --sport 1:65535 --dport 2049
-A INPUT  -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -p udp --sport 1:65535 --dport 53
-A INPUT  -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -p udp --sport 1:65535 --dport 67:68
-A INPUT  -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -p udp --sport 1:65535 --dport 111

-A INPUT -m state --state RELATED -j ACCEPT

COMMIT
```
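The posted INPUT chain only accepts inbound packets addressed to the LDAP ports, while the server's replies to the client's own outbound connections arrive with source port 389, an ephemeral destination port and conntrack state ESTABLISHED, which no ACCEPT rule covers (the last rule accepts RELATED only), so they fall through to the DROP policy. The simulator below is an added example, not code from the thread: it replays a condensed copy of the posted rules against a constructed reply packet and shows the same packet accepted once the final rule reads ESTABLISHED,RELATED (the interface name eth0 and the ephemeral port are assumptions).

```python
import re

def port_range(spec):
    lo, _, hi = spec.partition(":")
    return int(lo), int(hi or lo)

def parse_rule(spec):
    """Keep only the matches this simulator understands: -p, -i, -j, ports, --state."""
    toks, rule = spec.split(), {}
    for t, nxt in zip(toks, toks[1:]):
        if t == "-p": rule["proto"] = nxt
        elif t == "-i": rule["iface"] = nxt
        elif t == "-j": rule["target"] = nxt
        elif t in ("--dport", "--sport"): rule[t[2:]] = port_range(nxt)
        elif t == "--state": rule["states"] = set(nxt.split(","))
    return rule

def parse_chain(ruleset, chain="INPUT"):
    """Return (policy, ordered rules): -A appends, -I inserts at a 1-based position."""
    policy, rules = "ACCEPT", []
    for line in ruleset.splitlines():
        if line.startswith(f":{chain} "):
            policy = line.split()[1]
        elif m := re.match(rf"-(A|I) {chain}(?: (\d+))? (.*)", line):
            pos = len(rules) if m.group(1) == "A" else int(m.group(2) or 1) - 1
            rules.insert(pos, parse_rule(m.group(3)))
    return policy, rules

def matches(rule, pkt):
    ok = all(rule[k] == pkt[k] for k in ("proto", "iface") if k in rule)
    ok &= all(rule[k][0] <= pkt[k] <= rule[k][1] for k in ("dport", "sport") if k in rule)
    return ok and ("states" not in rule or pkt["state"] in rule["states"])

def verdict(ruleset, pkt):
    """First matching terminating target decides; LOG does not end chain traversal."""
    policy, rules = parse_chain(ruleset)
    hits = [r["target"] for r in rules if matches(r, pkt) and r.get("target") in ("ACCEPT", "DROP", "REJECT")]
    return hits[0] if hits else policy
# Condensed copy of the posted ruleset: only the rules that can touch LDAP traffic.
POSTED = """\
:INPUT DROP [66:4755]
-A INPUT -p tcp --dport 23:65535 -j LOG
-I INPUT 1 -i lo -j ACCEPT
-A INPUT  -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -p tcp --sport 1:65535 --dport 389
-A INPUT -m state --state RELATED -j ACCEPT"""
# Same rules with the final rule widened so conntrack-established replies are accepted.
FIXED = POSTED.replace("--state RELATED -j", "--state ESTABLISHED,RELATED -j")
# Constructed packet: the LDAP server's reply to the client's own outbound query, arriving on eth0 (assumed).
LDAP_REPLY = {"proto": "tcp", "iface": "eth0", "sport": 389, "dport": 40123, "state": "ESTABLISHED"}
```

On the real client the same evidence shows up as the LOG entries for inbound packets whose destination port is in 23:65535 and as the DROP policy counter in `iptables -L INPUT -v -n`.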

----------

## mechanicalmetal (Nov 12, 2008)

What are you using to connect to the LDAP server? Check your firewall logs and see what port the server is rejecting. Check it on the SERVER end.

IP Tables look fine though.


----------



## mechanicalmetal (Nov 12, 2008)

What are you using to connect to the LDAP server? Meaning the client end, sorry.


----------

