Miller, Kevin R wrote:
There is still and iptables rule set but I disabled the service with a 
chkconfig iptables off and a chkconfig ip6tables off.  I also did a chkconfig 
firewalld off.  I just verified that each was still disabled with a service 
iptables status and repeated for the other services.


chkconfig doesn't stop a running service, just stops it from starting automatically on the next reboot.

iptables -L will tell you if there are any rules in the kernel now.

I ask because on my working F-18 box netstat shows the same output.

rob




-----Original Message-----
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Thursday, March 21, 2013 2:55 PM
To: Miller, Kevin R; Freeipa-users@redhat.com
Subject: Re: EXTERNAL: Re: [Freeipa-users] Freeipa 3.1.x install on Fedora 18 
issues

Miller, Kevin R wrote:
I went down that route because when I run the ipa_client_install it says that 
my IPA server is incorrect and to ensure that I have the required ports open. I 
disabled iptables and placed selinux into permissive mode.  I attempted 
externally to connect to the necessary ports and was able to determine that 
they wouldn't respond.  I then ran netstat and confirmed that port 389 and port 
80 were not listening for IPV4 connections.  The only listeners were on ::::389 
and ::::80.

I'd run iptables -L to ensure that you indeed have no rules. F-18 by default 
configures firewalld.

rob




-----Original Message-----
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Thursday, March 21, 2013 2:35 PM
To: Miller, Kevin R; Freeipa-users@redhat.com
Subject: Re: EXTERNAL: Re: [Freeipa-users] Freeipa 3.1.x install on
Fedora 18 issues

Miller, Kevin R wrote:
I am able to connect to the web server (80) from the localhost but that is 
because it uses loopback to connect to the ipv6 listener.  I can telnet to 389 
on localhost but again this is due to loopback.

Right, but what about 127.0.0.1, for example? Or the IPv4 address. In other 
words, did you go down the netstat route because things weren't working or were 
you just checking?

rob



-----Original Message-----
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Thursday, March 21, 2013 12:45 PM
To: Miller, Kevin R; freeipa-users@redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] Freeipa 3.1.x install on
Fedora
18 issues

Miller, Kevin R wrote:
I installed freeipa from the Fedora 18 repo and then ran the
freeipa-server-install with the proper parameters.  Installation
seems to be successful but the http (80) and ldap (389) services are
not listening on the ipv4 interface.  I confirmed that the
/etc/hosts file contains a proper entry that maps the ipv4 address to the fqdn.
If I run a netstat -an |grep 389 I get the following

Tcp6       0              0              :::389     :::*         Listen

A netstat -an |grep 80 returns the same

Tcp6       0              0              :::80       :::*         Listen

Since I wasn't even using ipv6 I cannot explain why the services
were trying to bind to the ipv6 address instead of the configured
IPV4 address I decided to force IPV6 to be disabled by added an
entry in the /etc/sysctl.conf file to disable ipv6.  After I did
that, the port
80 now binds to 0.0.0.0 which is what I wanted but the 389 continues
to bind to :::.

Any tips would be appreciated.

Does it actually answer on a IPv4 address (including localhost) on port 389?

rob




_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to