Hi,
I've a DMZ with a webserver on 192.168.2.0/24 and an LDAP server on 192.168.1.174 using StartTLS on 389. I'd like one machine in the DMZ to be able to communicate only with the LDAP server and only on 389. I could do this with a port forward on the router but this would be messy and I'd have to change the names of servers to stop TLS breaking. Is there a way to do this with firewall rules? Thanks!
```sh
# Drop any stale rule of the same name, then define a single
# traffic rule from the dmz zone to the lan zone, restricted
# to the LDAP host and port 389 (StartTLS on the standard port).
uci -q delete firewall.dmz_ldap
uci set firewall.dmz_ldap="rule"
uci set firewall.dmz_ldap.name="dmz_ldap"
uci set firewall.dmz_ldap.src="dmz"
uci set firewall.dmz_ldap.dest="lan"
uci set firewall.dmz_ldap.dest_ip="192.168.1.174"
uci set firewall.dmz_ldap.dest_port="389"
uci set firewall.dmz_ldap.target="ACCEPT"
# Persist and reload the firewall
uci commit firewall
/etc/init.d/firewall restart
```
https://openwrt.org/docs/guide-user/firewall/firewall_configuration#rules
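An added audit check (not from the thread or from OpenWrt) for the config that rule produces: it parses the UCI text of /etc/config/firewall and flags any dmz->lan path wider than the pinned host and port, in particular a zone-level forwarding, which would bypass the rule entirely; passing required=("src_ip", "dest_ip", "dest_port") additionally reports rules that do not name the single DMZ host. The sample config embedded below is constructed, and the function and option names are this example's own.

```python
import re

# Constructed sample /etc/config/firewall: the thread's pinned rule plus two over-broad entries.
SAMPLE_CONFIG = """
config forwarding
	option src 'dmz'
	option dest 'lan'
config rule 'dmz_ldap'
	option name 'dmz_ldap'
	option src 'dmz'
	option dest 'lan'
	option dest_ip '192.168.1.174'
	option dest_port '389'
	option target 'ACCEPT'
config rule
	option name 'dmz_any'
	option src 'dmz'
	option dest 'lan'
	option target 'ACCEPT'
"""

def parse_uci(text):
    """Parse UCI text into a list of (section_type, {option: value})."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"config\s+(\S+)", line)
        if m:
            sections.append((m.group(1), {}))
        m = re.match(r"option\s+(\S+)\s+'([^']*)'", line)
        if m and sections:
            sections[-1][1][m.group(1)] = m.group(2)
    return sections

def audit_dmz_to_lan(text, src="dmz", dest="lan", required=("dest_ip", "dest_port")):
    """Flag src->dest paths broader than a pinned host/port rule."""
    findings = []
    for kind, opts in parse_uci(text):
        if opts.get("src") != src or opts.get("dest") != dest:
            continue
        # Zone-level forwarding bypasses every per-host rule.
        if kind == "forwarding":
            findings.append("zone forwarding %s->%s allows all traffic" % (src, dest))
        # Only explicit ACCEPT matters; rules without a target default to DROP.
        elif kind == "rule" and opts.get("target") == "ACCEPT":
            missing = [k for k in required if k not in opts]
            if missing:
                findings.append("rule %s lacks %s" % (opts.get("name", "?"), ",".join(missing)))
    return findings
```

Run it against the router's real config with `audit_dmz_to_lan(open("/etc/config/firewall").read())`; an empty list means the DMZ reaches the LAN only through pinned rules.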
Thanks, worked perfectly!