I'm working on setting up a website to authenticate to my eDirectory server via LDAP w/TLS. I setup a DNAT rule to forward anything on port 389 from that specific IP to my eDir server. I also setup the appropriate packet filter rule to allow these packets through.
I tried to test it today while watching the packet filter live log and it appeared to be forwarding the packets fine. However, there is no response from the server and when I run a dstrace on the server, it doesn't show that even an attempt at a connection is made. However, it does work from inside the local network so I'm assuming it is getting blocked at the ASL server for some reason.
I need your help in figuring this one out. Is the packet filter the final say in what gets passed through or do other things stand after it, like the IDS/IPS or something else? If that's the case, that could be why the live log says everything is passed ok but really isn't.
Are there any ideas as to what could be stopping this traffic? I tried setting up a sniffer to see if I could see any of this on the local side but alas, everything is connected via switches and I have no usable hubs in-house.
Any tips would be appreciated.
This thread was automatically locked due to age.
