IPTable Rule to allow NTP thru ?



Greetings -

I am hoping that someone can explain to me what I need to add or change to my firewall settings to allow ntp to synchronize to an outside time source. An example would be great, an explanation with the example would be super. My objective is to have a server in my office synchronize to an outside time server, then the desktop PCs would synchronize to the server. I have the desktop PCs configured properly, but my server is not communicating to an external time server. I would like to fix this as my server loses almost 2 minutes a month. I have read all the documentation on configuring ntp and have followed the discussions on this list for the past few months. I believe that ntp would work properly if I had the right firewall setting. I can give additional information on how I came to this conclusion if necessary.

My general network setup is a DSL line coming into an ActionTec DSL modem gateway doing NAT. The DSL gateway has a simple firewall configuration utility which is set to allow ntp through. The gateway is then connected into my network switch (Dell 24 port unmanaged switch) in which my server (Dell PE2600) is also connected. The server is running RHEL 3, completely up to date. It appears that the iptables rules on the server are blocking the ntp communication. Do I need to have both an INPUT and OUTPUT rule in iptables, or just one of these? I searched through the ntp.org site and could not find any firewall examples. Other Google searches turned up a lot of conflicting information; some indicated that I did not need an INPUT rule because I am not a time server to the public. I want to be careful about changing my iptables as I understand I could cause more problems not knowing exactly what I am doing. My current iptables rules are pretty basic since we rely on the gateway firewall. I can forward a copy of my iptables rules to someone willing to help me, but did not want to post it publicly. If anyone can provide a firewall rule example and an explanation of the rule I would appreciate it. Thanks.

Jeff Boyce
www.meridianenv.com

_______________________________________________
questions mailing list
questions@xxxxxxxxxxxxxxxxx
https://lists.ntp.isc.org/mailman/listinfo/questions
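
An added example, not part of the original post: a shell function that prints, without applying, iptables rules for the setup described above (a server that queries outside NTP servers and also serves time to LAN desktops). The function name `ntp_rules` and the LAN subnet 192.168.1.0/24 are assumptions; the rules use the built-in INPUT and OUTPUT chains and the `state` match.

```shell
#!/bin/sh
# ntp_rules LAN_CIDR
# Prints one iptables command per line so the rules can be reviewed before
# anything touches the running firewall. Nothing is applied here.
ntp_rules() {
    lan="$1"
    # Accept only a dotted-quad/prefix argument; refuse anything else.
    if ! printf '%s' "$lan" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'; then
        echo "usage: ntp_rules a.b.c.d/prefix" >&2
        return 1
    fi

    # -I <chain> 1 inserts at the top, ahead of any final REJECT/DROP rule.

    # 1. Client side, outbound: this host's queries to outside time servers.
    echo "iptables -I OUTPUT 1 -p udp --dport 123 -m state --state NEW,ESTABLISHED -j ACCEPT"

    # 2. Client side, inbound: only replies to queries this host sent.
    #    No NEW state here, so outsiders cannot open NTP sessions to the server.
    echo "iptables -I INPUT 1 -p udp --sport 123 -m state --state ESTABLISHED -j ACCEPT"

    # 3. Server side, inbound: desktop PCs on the LAN querying this server.
    echo "iptables -I INPUT 1 -s $lan -p udp --dport 123 -m state --state NEW,ESTABLISHED -j ACCEPT"

    # 4. Server side, outbound: replies back to those desktops.
    echo "iptables -I OUTPUT 1 -d $lan -p udp --sport 123 -m state --state ESTABLISHED -j ACCEPT"
}

# Dry run with a constructed LAN subnet (assumption); pass your own as $1.
ntp_rules "${1:-192.168.1.0/24}"
```

If the OUTPUT chain's policy is already ACCEPT with no blocking rules, lines 1 and 4 are redundant and the ESTABLISHED rule on INPUT is the one that lets the outside servers' replies back in. Once the printed rules look right, they can be run as root.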
