Allowing traffic from anywhere on subnet to one port on one machine on another subnet

I've a DMZ with a webserver on and an LDAP server on using StartTLS on 389. I'd like one machine in the DMZ to be able to communicate only with the LDAP server and only on 389. I could do this with a port forward on the router but this would be messy and I'd have to change the names of servers to stop TLS breaking. Is there a way to do this with firewall rules? Thanks!

1 Like
uci -q delete firewall.dmz_ldap
uci set firewall.dmz_ldap="rule"
uci set"dmz_ldap"
uci set firewall.dmz_ldap.src="dmz"
uci set firewall.dmz_ldap.dest="lan"
uci set firewall.dmz_ldap.dest_ip=""
uci set firewall.dmz_ldap.dest_port="389"
uci set"ACCEPT"
uci commit firewall
/etc/init.d/firewall restart


Thanks, worked perfectly!

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.