Azure AD Domain Services and Linux IPtables

Question

Hello,
I am trying to allow Azure AD DS services for groups and user information through the Linux firewall (iptables) - using the SSSD service. When IPtables is turned off everything works as expected. I have allowed the incoming and outgoing traffic to the AD DS servers IP addresses, but the information is not getting updated and the SSSD service reports that the "backend offline". Has anyone worked with IPTables, SSSD and AD DS?

I feel I am missing something simple. Below is my iptables configuration, where it says AD_DS_IPADDRESS that is my removed IP address for the two Azure AD DS servers.

iptables -L

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- AD_DS_IPADDRESS anywhere
ACCEPT tcp -- AD_DS_IPADDRESS anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere AD_DS_IPADDRESS
ACCEPT tcp -- anywhere AD_DS_IPADDRESS

Answer 1

Hi @mmac

Thank you for asking this question on the **Microsoft Q&A Platform. **

Please, review the Virtual network design considerations and configuration options for Azure Active Directory Domain Services documentation

Hope this helps,

----------

Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.
NOTE: To answer you as quickly as possible, please mention me in your reply.

Answer 2

No that article did not help

Answer 3

Finally found issue - I allowed UDP in addtion to TCP and the services started to work!
Hope this helps someone else.