Changes between revisions of "Port forwarding LDAP"
From Instituto de Física - UFRGS
Current revision as of 13:16, 31 May 2016
Debian 8
Assuming:
eth0: network to be redirected (doesn't have a direct connection to the LDAP server)
[ldap_server]: IP address of the LDAP server
389: LDAP authentication port
In the host (let's call it "Master host") that has access to both networks (eth0 and the LDAP's network), you can apply:
# iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 389 -j DNAT --to [ldap_server]:389
# iptables -A FORWARD -p tcp -d [ldap_server] --dport 389 -j ACCEPT
# iptables -t nat -A POSTROUTING -d [ldap_server] -j MASQUERADE
# echo "1" > /proc/sys/net/ipv4/ip_forward
To save (make permanent) the settings:
# iptables-save > /etc/iptables.up.rules
Add these 2 lines to /etc/network/if-pre-up.d/iptables:
#!/bin/sh
/sbin/iptables-restore < /etc/iptables.up.rules
Add this in /etc/rc.local (before the exit 0):
echo "1" > /proc/sys/net/ipv4/ip_forward
All hosts in eth0's subnet will have to use the Master's IP address instead of the LDAP server address. So when you want to authenticate, you use your Master and your Master forwards the connection to the LDAP server.
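The same DNAT / FORWARD / MASQUERADE rule set, generated as an iptables-restore file (the format that /etc/iptables.up.rules holds after iptables-save) from the interface and server address, as an added example that is not part of the original page. The function names, the address check and the extra ESTABLISHED,RELATED rule are assumptions added here; 192.0.2.10 is a constructed sample address.

```shell
#!/bin/sh
# Added example: emits the page's LDAP forwarding rules in iptables-save
# format so they can be written to /etc/iptables.up.rules and loaded by
# iptables-restore at boot. Function names are assumptions, not from the page.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(echo "$1" | tr '.' ' '); do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# gen_ldap_forward_rules <in_iface> <ldap_server_ip> [ldap_port]
# Prints a rule file equivalent to the three iptables commands on the page.
# Chain policies are deliberately not declared, so restoring it leaves the
# host's existing policies untouched.
gen_ldap_forward_rules() {
    iface=$1; ldap=$2; port=${3:-389}
    valid_ipv4 "$ldap" || { echo "invalid LDAP server address: $ldap" >&2; return 1; }
    cat <<EOF
*nat
# Clients on $iface connect to the Master's address; rewrite to the real server.
-A PREROUTING -i $iface -p tcp --dport $port -j DNAT --to-destination $ldap:$port
# Source-NAT so replies come back through the Master. The LDAP server then
# sees the Master's IP, not the client's: keep that in mind for its logs/ACLs.
-A POSTROUTING -d $ldap -j MASQUERADE
COMMIT
*filter
# Only TCP to the LDAP port may be forwarded to the server, nothing else.
-A FORWARD -p tcp -d $ldap --dport $port -j ACCEPT
# Added here (not on the page): keeps replies flowing if FORWARD policy is DROP.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Usage (as root):
#   gen_ldap_forward_rules eth0 192.0.2.10 > /etc/iptables.up.rules
#   iptables-restore < /etc/iptables.up.rules
# ip_forward still has to be enabled separately, e.g. as the page does in rc.local.
```

The file still has to be loaded with iptables-restore, and IP forwarding enabled, exactly as in the steps above; this only replaces typing the rules by hand.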