Re: IPTable Rule to allow NTP thru ?



Jeff Boyce wrote:

Greetings -

I am hoping that someone can explain to me what I need to add or change
to my firewall settings to allow ntp to synchronize to an outside time
source. An example would be great, an explanation with the example would
be super. My objective is to have a server in my office synchronize to
an outside time server, then the desktop PC's would synchronize to the
server. I have the desktop PC's configured properly, but my server is
not communicating to an external time server. I would like to fix this
as my server loses almost 2 minutes a month. I have read all the
documentation on configuring ntp and have followed the discussions on
this list for the past few months. I believe that ntp would work
properly if I had the right firewall setting. I can give additional
information on how I came to this conclusion if necessary.

My general network setup is a dsl line coming into an ActionTec dsl
modem gateway doing NAT. The dsl gateway has a simple firewall
configuration utility which is set to allow ntp through. The gateway is
then connected into my network switch (Dell 24 port unmanaged switch) in
which my server (Dell PE2600) is also connected. The server is running
RHEL 3, completely up to date. It appears that the IPtables rules on
the server are blocking the ntp communication. Do I need to have both an
INPUT and OUTPUT rule in iptables, or just one of these? I searched
through the ntp.org site and could not find any firewall examples.
Other google searches turned up a lot of conflicting information, some
indicated that I did not need an INPUT rule because I am not a time
server to the public. I want to be careful about changing my iptables
as I understand I could cause more problems not knowing exactly what I
am doing. My current iptables rules are pretty basic since we rely on
the gateway firewall. I can forward a copy of my iptables rules to
someone willing to help me, but did not want to post it publicly. If
anyone can provide a firewall rule example and an explanation of the
rule I would appreciate it. Thanks.

Jeff Boyce
www.meridianenv.com


Richard B. Gilbert replied:

The stock RHEL 3 comes with an old version of ntpd and a script that
starts it. That script makes changes to the firewall to allow NTP when
it starts. When the script shuts it down the firewall is restored. You
don't have to use the antique ntpd but you do have to use the script
unless you know enough to successfully tinker with the firewall.

The documentation for the firewall appears to have been written for
someone who already knows a great deal about it!!!

I am a Linux novice, but am the only one in my office with the capability to manage our computer systems. Can you point me to where this script file is that would have the firewall rule, so I can see if it is there and then just use it? I have mostly started ntp from the gnome services gui and not the command line, so I don't know if that makes a difference on whether it would implement a script to insert a firewall rule in iptables or not. But I am suspecting that what you describe is not the case for my system. I did recently reboot my server after a kernel update and when ntp restarted during reboot there were messages indicating that the firewall was blocking it. This was one of the clues that helped me determine that the firewall was my main problem with making ntp operational.

Jeff Boyce
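
An added example, not part of the thread and not the RHEL script mentioned above: a shell function that prints (without applying) iptables rules for the setup described, a server that syncs to one outside time server and serves time to the office LAN. The upstream address, the LAN subnet and the use of the built-in INPUT/OUTPUT chains are assumptions.

```shell
#!/bin/sh
# Prints iptables commands for review; nothing is applied to the firewall.
# Both values are constructed placeholders, not taken from the thread.
UPSTREAM="192.0.2.10"     # hypothetical outside time server
LAN="192.168.1.0/24"      # hypothetical office subnet

# Accept only digits, dots and "/" so a typo cannot end up in a rule.
valid_addr() {
    case "$1" in
        ""|*[!0-9./]*) return 1 ;;
        *) return 0 ;;
    esac
}

ntp_rules() {
    upstream=$1
    lan=$2
    valid_addr "$upstream" || { echo "bad upstream: $upstream" >&2; return 1; }
    valid_addr "$lan" || { echo "bad LAN: $lan" >&2; return 1; }

    # -I inserts at the top of the chain. A rule appended with -A after a
    # catch-all REJECT or DROP rule would never be reached.

    # Client side: queries to the outside server go out to UDP port 123.
    # Only needed when the OUTPUT chain does not already accept traffic.
    echo "iptables -I OUTPUT -p udp -d $upstream --dport 123 -j ACCEPT"
    # Replies come back from source port 123. Matching on ESTABLISHED
    # admits only answers to queries this host sent, so no port is opened
    # to unsolicited traffic from outside.
    echo "iptables -I INPUT -p udp -s $upstream --sport 123 -m state --state ESTABLISHED -j ACCEPT"

    # Server side: desktop PCs on the LAN query this host on UDP port 123.
    echo "iptables -I INPUT -p udp -s $lan --dport 123 -m state --state NEW,ESTABLISHED -j ACCEPT"
    # Answers back to the LAN; only needed with a restrictive OUTPUT chain.
    echo "iptables -I OUTPUT -p udp -d $lan --sport 123 -m state --state ESTABLISHED -j ACCEPT"
}

ntp_rules "$UPSTREAM" "$LAN"
```

This covers both halves of the INPUT/OUTPUT question: the outside server never needs a NEW inbound rule, while the LAN clients do because they initiate the exchange.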
