[389-users] 389-ds apparently listens only on loopback

Nathan Kinder nkinder at redhat.com
Fri Jul 8 15:00:38 UTC 2011 

On 07/08/2011 07:26 AM, Arian Sanusi wrote:
> does that mean it listens only on IPv6?
What does 'sysctl net.ipv6.bindv6only' show on your system?

Do you have nsslapd-listenhost set in your cn=config entry? You can 
check this in /etc/dirsrv/slapd-<instance>/dse.ldif.
> [root at centos5-test ~]# netstat -tlnp
> Aktive Internetverbindungen (Nur Server)
> Proto Recv-Q Send-Q Local Address               Foreign
> Address             State       PID/Program name
> tcp        0      0 0.0.0.0:9830
> 0.0.0.0:*                   LISTEN      2812/httpd.worker
> tcp        0      0 0.0.0.0:646
> 0.0.0.0:*                   LISTEN      2160/rpc.statd
> tcp        0      0 0.0.0.0:111
> 0.0.0.0:*                   LISTEN      2121/portmap
> tcp        0      0 127.0.0.1:25
> 0.0.0.0:*                   LISTEN      2431/sendmail: acce
> tcp        0      0 127.0.0.1:6010
> 0.0.0.0:*                   LISTEN      3982/0
> tcp        0      0 :::389
> :::*                        LISTEN      3885/ns-slapd
> tcp        0      0 :::22
> :::*                        LISTEN      2392/sshd
> tcp        0      0 ::1:6010
> :::*                        LISTEN      3982/0
> tcp        0      0 :::636
> :::*                        LISTEN      3885/ns-slapd
>
>
> [root at centos5-test ~]# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain RH-Firewall-1-INPUT (2 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     icmp --  anywhere             anywhere            icmp any
> ACCEPT     esp  --  anywhere             anywhere
> ACCEPT     ah   --  anywhere             anywhere
> ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
> ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
> ACCEPT     all  --  anywhere             anywhere            state
> RELATED,ESTABLISHED
> ACCEPT     tcp  --  anywhere             anywhere            state NEW
> tcp dpt:ssh
> REJECT     all  --  anywhere             anywhere            reject-with
> icmp-host-prohibited
>
>
> On 08.07.2011 16:19, Paul Robert Marino wrote:
>> out put from
>> 'sudo netstat -tlnp'
>> please
>> followed by the the out put of
>> 'sudo /sbin/iptables -L'
>> feel free to obscure the ip's it they are internet visible replace the
>> first 2 octets with 192.168
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

More information about the 389-users mailing list