Thread: LDAP auth working only when firewall stopped

  1. #1

    LDAP auth working only when firewall stopped

    I can't log in to the web interface nor access emails through IMAP unless my firewall is stopped. The LDAP initialization part of the install only worked after I turned off my firewall. I don't understand which rule I must add, since I am already accepting connections on port 389. What should I change in my firewall to make Zimbra work while it's turned on?

    If it helps, everything is installed on a single machine (Zimbra modules, firewall, ...) which has a static IP address (no routers or DHCP, it's in a colocation center).

    # iptables -nvL
    Chain INPUT (policy DROP 68 packets, 10595 bytes)
    pkts bytes target prot opt in out source destination
    1012 149K ACCEPT all -- lo * 127.0.0.0/8 127.0.0.0/8
    0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
    1028 73612 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 flags:0x16/0x02
    6 336 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25 flags:0x16/0x02
    1 60 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 flags:0x16/0x02
    0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443 flags:0x16/0x02
    0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:7071 flags:0x16/0x02
    0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:7780 flags:0x16/0x02
    0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:81 flags:0x16/0x02
    0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:4343 flags:0x16/0x02
    0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:389 flags:0x16/0x02
    23 1380 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:993 flags:0x16/0x02

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
    0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

    Chain OUTPUT (policy DROP 427 packets, 26708 bytes)
    pkts bytes target prot opt in out source destination
    1012 149K ACCEPT all -- * lo 127.0.0.0/8 127.0.0.0/8
    0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
    942 149K ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0

  2. #2

    Problem solved

    After logging and tracking packets, I figured out the problem. Requests to the LDAP daemon were not coming in on eth0 but through the loopback. I had to let packets from my external IP to my external IP going either in or out of the loopback through port 389. I did the same thing for ports 25 and 7780 to allow sending emails from the web interface and spellchecking with the firewall on.
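
The diagnosis in post #2, modelled as an added example (not code from either post): a small Python evaluator replays the posted INPUT and OUTPUT rules against a connection the host makes to its own address. `EXT_IP` is a constructed placeholder, `self_rules` is a hypothetical helper, and only the first (NEW) packet toward the service port is modelled; reply packets are not.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

EXT_IP = "192.0.2.10"  # constructed placeholder for the server's static IP

@dataclass
class Packet:
    iface: str            # in-interface for INPUT, out-interface for OUTPUT
    src: str
    dst: str
    dport: int
    proto: str = "tcp"
    state: str = "NEW"

@dataclass
class Rule:               # every rule in the posted listing is an ACCEPT
    iface: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "all"
    dport: Optional[int] = None
    states: tuple = ()

    def matches(self, p: Packet) -> bool:
        in_net = lambda ip, net: ipaddress.ip_address(ip) in ipaddress.ip_network(net)
        return (self.iface in ("*", p.iface)
                and in_net(p.src, self.src) and in_net(p.dst, self.dst)
                and self.proto in ("all", p.proto)
                and self.dport in (None, p.dport)
                and (not self.states or p.state in self.states))

def verdict(chain, packet, policy="DROP"):
    """ACCEPT if any rule matches, otherwise the chain policy applies."""
    return "ACCEPT" if any(r.matches(packet) for r in chain) else policy

# INPUT and OUTPUT as posted (ICMP rules omitted).
NEW_PORTS = (22, 25, 80, 443, 7071, 7780, 81, 4343, 389, 993)
INPUT = [Rule("lo", "127.0.0.0/8", "127.0.0.0/8"),
         Rule("eth0", states=("RELATED", "ESTABLISHED"))]
INPUT += [Rule("eth0", proto="tcp", dport=p, states=("NEW",)) for p in NEW_PORTS]
OUTPUT = [Rule("lo", "127.0.0.0/8", "127.0.0.0/8"), Rule("eth0")]

def self_rules(ip, ports=(389, 25, 7780)):
    """Hypothetical helper: accept ip -> ip on lo for the ports named in post #2."""
    return [Rule("lo", ip, ip, "tcp", p) for p in ports]

# The host connecting to its own external address: the packet uses lo, not eth0.
local_ldap = Packet("lo", EXT_IP, EXT_IP, 389)

if __name__ == "__main__":
    print("before:", verdict(INPUT, local_ldap), verdict(OUTPUT, local_ldap))
    fix = self_rules(EXT_IP)
    print("after: ", verdict(INPUT + fix, local_ldap), verdict(OUTPUT + fix, local_ldap))
```

The posted `lo` rules match only 127.0.0.0/8 on both ends, so a packet on `lo` carrying the external address falls through to the DROP policy in both chains, while the same port reached from outside on eth0 is accepted.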
