https://www.freeipa.org/page/Quick_Start_Guide
"
The rule about /etc/hosts is that the fully-qualified name must come first. It 
should look like:
10.0.0.1       server.ipa.test server
"
Fully qualified name? Must be resolvable? Reverse lookup of IP needs to fit the 
hostname? So is 10.0.0.1 a public or private IP example here? My understanding 
is that this is also about DNAT (own public IPv4 with port forwards to the 
local system) and not just SNAT to be able to access the outer www.
----------
https://www.freeipa.org/page/Quick_Start_Guide#open-ports-in-the-firewall
"
Fedora comes with two pre-defined service rules for FreeIPA. One opens 
Kerberos, HTTP, HTTPS, DNS, NTP and LDAP, the other the same set with LDAPS 
instead of LDAP (out-of-the-box you want LDAP).
"
This is not very helpful - it would help much more to know what needs to be 
accessible where - as we operate a NAT gateway with stateful firewall in front 
of the system.
----------
I really think that I am simply misunderstanding several things here and thus 
configuring them incorrectly or perhaps something is missing in the 
gateway/firewall?
-- 
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue
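
Added example, not part of the original message or of the FreeIPA guide: a Python check of the rule quoted from the guide (the fully-qualified name must be the first name on the host's /etc/hosts line), which also reports whether the entry's address is loopback, private or public. The sample file content and the name replica.ipa.test are constructed for illustration.

```python
import ipaddress

# Constructed sample /etc/hosts content (not taken from a real system).
SAMPLE_HOSTS = """\
127.0.0.1      localhost localhost.localdomain
10.0.0.1       server.ipa.test server    # form quoted from the guide
10.0.0.2       replica replica.ipa.test  # short name first: breaks the rule
"""


def parse_hosts(text):
    """Yield (address, names) per entry, skipping comments and blank lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            yield ipaddress.ip_address(fields[0]), [n.lower() for n in fields[1:]]
        except ValueError:
            continue  # first field is not an IP address


def scope(addr):
    """Classify the address: loopback, private (e.g. RFC 1918) or public."""
    if addr.is_loopback:
        return "loopback"
    return "private" if addr.is_private else "public"


def audit(text, fqdn):
    """Report every entry naming the host, by FQDN or by short name."""
    fqdn = fqdn.lower()
    short = fqdn.split(".", 1)[0]
    return [
        {"address": str(addr), "first_name": names[0],
         "fqdn_first": names[0] == fqdn, "scope": scope(addr)}
        for addr, names in parse_hosts(text)
        if fqdn in names or short in names
    ]


if __name__ == "__main__":
    for host in ("server.ipa.test", "replica.ipa.test"):
        for entry in audit(SAMPLE_HOSTS, host):
            print(host, entry)
```

To check a real host, pass the contents of /etc/hosts and the machine's fully-qualified name to `audit` instead of the sample.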
