Port forwarding LDAP: changes between revisions

From Instituto de Física - UFRGS
Latest revision as of 13:16, 31 May 2016

Debian 8

Assuming:

eth0: network to be redirected (doesn't have a direct connection to the LDAP server)
[ldap_server]: IP address of the LDAP server
389: LDAP authentication port

In the host (let's call it "Master host") that has access to both networks (eth0 and the LDAP's network), you can apply:

   # iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 389 -j DNAT --to [ldap_server]:389
   # iptables -A FORWARD -p tcp -d [ldap_server] --dport 389 -j ACCEPT
   # iptables -t nat -A POSTROUTING -d [ldap_server] -j MASQUERADE
   # echo "1" > /proc/sys/net/ipv4/ip_forward

To save (make permanent) the settings:

   # iptables-save > /etc/iptables.up.rules

Add these two lines to /etc/network/if-pre-up.d/iptables (the file must be executable, or it will not be run):

    #!/bin/sh
    /sbin/iptables-restore < /etc/iptables.up.rules

Add this in /etc/rc.local (before the exit 0):

    echo "1" > /proc/sys/net/ipv4/ip_forward

All hosts on eth0's subnet must use the Master's IP address instead of the LDAP server's address: when a client wants to authenticate, it connects to the Master, and the Master forwards the connection to the LDAP server.
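As an added example (not from the original wiki page), the script below prints the same rule set from validated parameters and narrows the rules slightly: the FORWARD and POSTROUTING rules are bound to the interface, protocol and port, and a conntrack rule lets replies back in case the FORWARD policy is DROP. The names is_ipv4 and ldap_forward_rules are this example's own.

```shell
#!/bin/sh
# Added example, not from the original wiki page: prints the LDAP forwarding
# rules described above from validated parameters. The function names
# (is_ipv4, ldap_forward_rules) are this example's own, not from the page.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.            # subshell body, so this IFS change stays local
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# Print (do not run) the rules for interface $1, LDAP server $2, port $3
# (default 389). Prints nothing and returns 1 on a bad parameter, so a typo
# cannot turn into a rule that forwards logins to the wrong host.
ldap_forward_rules() {
    iface=$1; ldap=$2; port=${3:-389}
    is_ipv4 "$ldap" || { echo "bad LDAP server address: $ldap" >&2; return 1; }
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    cat <<EOF
# Rewrite only LDAP traffic that arrives on $iface.
iptables -t nat -A PREROUTING -i $iface -p tcp --dport $port -j DNAT --to-destination $ldap:$port
# Let only that flow through FORWARD, so the host does not become a general router.
iptables -A FORWARD -i $iface -p tcp -d $ldap --dport $port -j ACCEPT
# Replies to forwarded connections; required if the FORWARD policy is DROP.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Source-NAT the forwarded flow so the LDAP server answers through this host.
iptables -t nat -A POSTROUTING -d $ldap -p tcp --dport $port -j MASQUERADE
sysctl -w net.ipv4.ip_forward=1
EOF
}

# Dry run: sh ldap_forward.sh eth0 <ldap_server> [port]; pipe into "sh -e" as root to apply.
if [ $# -ge 2 ]; then
    ldap_forward_rules "$1" "$2" "${3:-389}"
fi
```

The printed commands are the same as the wiki's manual steps, so they can still be made permanent with iptables-save exactly as described above.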