[389-users] 389-ds apparently listens only on loopback
Nathan Kinder
nkinder at redhat.com
Fri Jul 8 15:00:38 UTC 2011
On 07/08/2011 07:26 AM, Arian Sanusi wrote:
> does that mean it listens only on IPv6?
What does 'sysctl net.ipv6.bindv6only' show on your system?
Do you have nsslapd-listenhost set in your cn=config entry? You can
check this in /etc/dirsrv/slapd-<instance>/dse.ldif.
> [root at centos5-test ~]# netstat -tlnp
> Aktive Internetverbindungen (Nur Server)
> Proto Recv-Q Send-Q Local Address Foreign
> Address State PID/Program name
> tcp 0 0 0.0.0.0:9830
> 0.0.0.0:* LISTEN 2812/httpd.worker
> tcp 0 0 0.0.0.0:646
> 0.0.0.0:* LISTEN 2160/rpc.statd
> tcp 0 0 0.0.0.0:111
> 0.0.0.0:* LISTEN 2121/portmap
> tcp 0 0 127.0.0.1:25
> 0.0.0.0:* LISTEN 2431/sendmail: acce
> tcp 0 0 127.0.0.1:6010
> 0.0.0.0:* LISTEN 3982/0
> tcp 0 0 :::389
> :::* LISTEN 3885/ns-slapd
> tcp 0 0 :::22
> :::* LISTEN 2392/sshd
> tcp 0 0 ::1:6010
> :::* LISTEN 3982/0
> tcp 0 0 :::636
> :::* LISTEN 3885/ns-slapd
>
>
> [root at centos5-test ~]# iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> RH-Firewall-1-INPUT all -- anywhere anywhere
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> RH-Firewall-1-INPUT all -- anywhere anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain RH-Firewall-1-INPUT (2 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT icmp -- anywhere anywhere icmp any
> ACCEPT esp -- anywhere anywhere
> ACCEPT ah -- anywhere anywhere
> ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
> ACCEPT udp -- anywhere anywhere udp dpt:ipp
> ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
> ACCEPT all -- anywhere anywhere state
> RELATED,ESTABLISHED
> ACCEPT tcp -- anywhere anywhere state NEW
> tcp dpt:ssh
> REJECT all -- anywhere anywhere reject-with
> icmp-host-prohibited
>
>
> On 08.07.2011 16:19, Paul Robert Marino wrote:
>> out put from
>> 'sudo netstat -tlnp'
>> please
>> followed by the the out put of
>> 'sudo /sbin/iptables -L'
>> feel free to obscure the ip's it they are internet visible replace the
>> first 2 octets with 192.168
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
More information about the 389-users
mailing list