Port forwarding LDAP

From Instituto de Física - UFRGS
Revision as of 16:34, 18 May 2016 by Yescalianti (talk | contribs) (Created page with 'Assuming: eth0: network to be redirected (doesn't have a direct connection to the LDAP server) [ldap_server]: IP address of the LDAP server 389: LDAP authentication port...')

Assuming:

eth0: network to be redirected (doesn't have a direct connection to the LDAP server)
[ldap_server]: IP address of the LDAP server
389: LDAP authentication port

On the host that has access to both networks (eth0 and the LDAP server's network), which we will call the "Master host", apply the following as root:

   # Rewrite the destination of LDAP connections arriving on eth0 to the real server
   iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 389 -j DNAT --to [ldap_server]:389
   # Let the redirected connections pass through the FORWARD chain
   iptables -A FORWARD -p tcp -d [ldap_server] --dport 389 -j ACCEPT
   # Masquerade so the LDAP server sees the Master as the source and sends replies back through it
   iptables -t nat -A POSTROUTING -d [ldap_server] -j MASQUERADE
   # Enable IPv4 forwarding in the kernel (not persistent across reboots)
   echo "1" > /proc/sys/net/ipv4/ip_forward

All hosts in eth0's subnet must point their LDAP client configuration at the Master's IP address instead of the LDAP server's address. When a client authenticates, it connects to the Master, and the Master forwards the connection to the LDAP server.
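The same rules as a parameterised, dry-run-by-default script, added here as an example and not part of the original page: the interface and server address are validated before any rule is built, the rules can be removed again with `-D`, and a conntrack rule (an addition to the page's rules) keeps replies flowing if the FORWARD policy is DROP. The address 192.0.2.10 is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original page): builds the DNAT/FORWARD/MASQUERADE
# rules described above for a given inside interface and LDAP server address.
# Dry run by default (prints the commands); set RUN="" to execute them as root.
# The address 192.0.2.10 used at the bottom is a constructed sample.

# ldap_forward_rules IFACE SERVER [PORT] [OP]
#   IFACE  : interface whose clients are redirected (the page's eth0)
#   SERVER : IPv4 address of the real LDAP server (the page's [ldap_server])
#   PORT   : LDAP port, default 389
#   OP     : -A to add (default) or -D to delete the same rules again
ldap_forward_rules() {
    iface=$1 server=$2 port=${3:-389} op=${4:--A} run=${RUN-echo}
    # Reject anything that is not a dotted IPv4 address or a plain number, so a
    # typo cannot turn into an unintended catch-all rule.
    case $server in *[!0-9.]*|'') echo "bad server: '$server'" >&2; return 1;; esac
    case $port   in *[!0-9]*|'')  echo "bad port: '$port'" >&2;     return 1;; esac
    # 1. Rewrite the destination of LDAP connections arriving on IFACE.
    $run iptables -t nat "$op" PREROUTING -i "$iface" -p tcp --dport "$port" \
        -j DNAT --to-destination "$server:$port"
    # 2. Let only that flow (and its replies) cross the FORWARD chain; the
    #    conntrack rule is an addition so this also works with a DROP policy.
    $run iptables "$op" FORWARD -i "$iface" -p tcp -d "$server" --dport "$port" -j ACCEPT
    $run iptables "$op" FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # 3. Source-NAT towards the server so its replies come back via the Master.
    $run iptables -t nat "$op" POSTROUTING -p tcp -d "$server" --dport "$port" -j MASQUERADE
}

# Enable IPv4 forwarding on the running kernel (root only, not persistent).
ldap_forward_enable() {
    ${RUN-echo} sysctl -w net.ipv4.ip_forward=1
}

# Dry run for the page's scenario with a constructed server address:
ldap_forward_rules eth0 192.0.2.10
ldap_forward_enable
```

From a client on eth0, `ldapsearch -x -H ldap://<master-ip> -b <base-dn>` confirms the path works; note that plain port 389 traffic is unencrypted across both hops unless the clients negotiate STARTTLS.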