[ntp:questions] IPTable Rule to allow NTP thru ?

Jeff Boyce jboyce at meridianenv.com
Fri Aug 18 22:50:21 UTC 2006

Greetings -

I am hoping that someone can explain to me what I need to add or change to 
my firewall settings to allow ntp to synchronize to an outside time source. 
An example would be great, an explanation with the example would be super. 
My objective is to have a server in my office synchronize to an outside time 
server, then the desktop PC's would synchronize to the server.  I have the 
desktop PC's configured properly, but my server is not communicating to an 
external time server.  I would like to fix this as my server looses almost 2 
minutes a month.  I have read all the documentation on configuring ntp and 
have followed the discussions on this list for the past few months.  I 
believe that ntp would work properly if I had the right firewall setting.  I 
can give additional information on how I came to this conclusion if 

My general network setup is a dsl line coming into an ActionTec dsl modem 
gateway doing NAT.  The dsl gateway has a simple firewall configuration 
utility which is set to allow ntp through.  The gateway is then connected 
into my network switch (Dell 24 port unmanaged switch) in which my server 
(Dell PE2600) is also connected.  The server is running RHEL 3, completely 
up to date.  It appears that the IPtables rules on the server is blocking 
the ntp communication.  Do I need to have both an INPUT and OUTPUT rule in 
iptables, or just one of these?  I searched through the ntp.org site and 
could not find any firewall examples.  Other google searches turned up a lot 
of conflicting information, some indicated that I did not need an INPUT rule 
because I am not a time server to the public.  I want to be careful about 
changing my iptables as I understand I could cause more problems not knowing 
exactly what I am doing.  My current iptables rules are pretty basic since 
we rely on the gateway firewall.  I can forward a copy of my iptables rules 
to someone willing to help me, but did not want to post it publicly.  If 
anyone can provide a firewall rule example and an explanation of the rule I 
would appreciate it.  Thanks.

Jeff Boyce

More information about the questions mailing list