#28
06-11-2007, 09:48 AM
jholder
Zimbra-Yahoo Consultant

Quote:
Originally Posted by reckless2k2
Hey, this is just my 2 cents, but killing SELinux and the firewall is not optimal, especially if this server is going to be out on a DMZ. At the very least, you should enable the firewall and open the applicable ports for communication with the server:

example:

#nano /etc/sysconfig/iptables

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 993 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7071 -j ACCEPT

#/etc/init.d/iptables restart


Ultimately, you can open what ports you like, but I was giving the basic ports related to SMTP, POP, POP SSL, IMAP, IMAP SSL, and the admin port.

Even if it's inside a LAN protected by a hardware firewall, you should still enforce the firewall rules on that box. You can open these ports in the GUI as well, but port ranges are best configured on the command line.

Absolutely-
As long as you have SELinux and IPTables configured to accept on those ports, you're gonna be okay.
Code:
You also will need to add:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
For LDAP Replication.

jh
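
A check for the rules posted in this thread, as an added example that is not part of the original posts: it reads an iptables save file and reports, for each port named above, whether an ACCEPT rule exists in RH-Firewall-1-INPUT and sits before the chain's unconditional REJECT, since rules appended after that line never match. The function names and the sample ruleset are constructed for illustration, and the trailing REJECT line is assumed from the stock Red Hat ruleset.

```shell
#!/bin/sh
# Added example (not from the thread): audit an iptables save file for the
# ports named in the posts above. Function names are hypothetical.
PORTS="25 110 143 993 995 7071 389"

# Reads a ruleset on stdin; prints "<port> ok|missing|after-reject" per port.
audit_ports() {
    awk -v ports="$PORTS" '
        BEGIN { n = split(ports, want, " ") }
        $1 == "-A" && $2 == "RH-Firewall-1-INPUT" {
            # A rule with no match options and a REJECT/DROP target ends the
            # chain: anything appended after it is never evaluated.
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { closed = 1; next }
            dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            # Only exact single-port ACCEPT rules are counted (no ranges).
            if (target == "ACCEPT" && dport != "" && st[dport] != "ok")
                st[dport] = closed ? "after-reject" : "ok"
        }
        END {
            for (i = 1; i <= n; i++)
                print want[i], ((want[i] in st) ? st[want[i]] : "missing")
        }'
}

# Constructed sample ruleset: the 7071 rule was appended below the REJECT line.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7071 -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_ports
```

On the server itself, run it as `audit_ports < /etc/sysconfig/iptables` before restarting the service.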