Re: ipchains and ntp udp port 123
From: Simon Matthews (nobody@devnull.none)
Date: 06/20/02
From: Simon Matthews <nobody@devnull.none> Date: Thu, 20 Jun 2002 00:10:36 GMT
On Mon, 17 Jun 2002, Robert Lomitola wrote:
>
> If I turn off the ipchains service briefly I can successfully run
> ntpdate time.nist.gov and I sync up with the time server otherwise
> it doesn't work. High security option was selected during the
> installation and the server is patched up to date.
>
> Best regards,
If you are using ntpdate, the source port may not be 123:
(quote from http://rgrjr.dyndns.org/linux/ntp.html)
If your machine is behind a firewall, you need to be sure that packets to
and from remote NTP servers can get through. When ntpdate queries a
server, it sends a series of UDP packets (the default is four), each of
which is addressed to UDP port 123 on the remote machine and bears a
quasi-random source port, call it X, as the return address on the local
machine
(end quote)
So you probably need to allow packets with a destination port of 123 and a
source port of anywhere to go out, and the reverse to come back in.
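
The port matching discussed in this reply, modelled as a small first-match, stateless UDP filter. This is an added example, not code from the original thread; the "pinned" ruleset, the sample port 40123 and all function names are assumptions made for illustration.

```python
# Added example: first-match, stateless UDP filtering with a default-deny policy.
from collections import namedtuple

Packet = namedtuple("Packet", "chain sport dport")
Rule = namedtuple("Rule", "chain sport dport")  # a port of None means "any port"

ANY = None
NTP = 123


def verdict(rules, pkt, policy="DENY"):
    """Return ACCEPT if any rule matches the packet, else the chain policy."""
    for r in rules:
        if (r.chain == pkt.chain
                and r.sport in (ANY, pkt.sport)
                and r.dport in (ANY, pkt.dport)):
            return "ACCEPT"
    return policy


def exchange_ok(rules, local_port):
    """True if both the query and the reply of one client exchange pass."""
    query = Packet("output", local_port, NTP)  # local port X -> server port 123
    reply = Packet("input", NTP, local_port)   # server port 123 -> local port X
    return (verdict(rules, query) == "ACCEPT"
            and verdict(rules, reply) == "ACCEPT")


# Assumed ruleset (constructed): both ends pinned to port 123.
PINNED = [Rule("output", NTP, NTP), Rule("input", NTP, NTP)]

# Ruleset described in the reply: destination 123 out from any source port,
# and the reverse back in. In ipchains syntax:
#   ipchains -A output -p udp -d 0/0 123 -j ACCEPT
#   ipchains -A input  -p udp -s 0/0 123 -j ACCEPT
ANY_SOURCE = [Rule("output", ANY, NTP), Rule("input", NTP, ANY)]

if __name__ == "__main__":
    for name, rules in (("pinned", PINNED), ("any-source", ANY_SOURCE)):
        print(name,
              "| source port 40123:", exchange_ok(rules, 40123),
              "| source port 123:", exchange_ok(rules, NTP))
```

Because the filter keeps no state, the inbound rule accepts any UDP packet whose source port is 123, whatever local port it is addressed to; giving `-s` the addresses of the NTP servers actually in use narrows that.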