[ntp:questions] Re: IPTable Rule to allow NTP thru ?
Richard B. Gilbert
rgilbert88 at comcast.net
Sat Aug 19 11:41:16 UTC 2006
Jeff Boyce wrote:
> Greetings -
> I am hoping that someone can explain to me what I need to add or change
> to my firewall settings to allow ntp to synchronize to an outside time
> source. An example would be great, an explanation with the example would
> be super. My objective is to have a server in my office synchronize to
> an outside time server, then the desktop PC's would synchronize to the
> server. I have the desktop PC's configured properly, but my server is
> not communicating to an external time server. I would like to fix this
> as my server looses almost 2 minutes a month. I have read all the
> documentation on configuring ntp and have followed the discussions on
> this list for the past few months. I believe that ntp would work
> properly if I had the right firewall setting. I can give additional
> information on how I came to this conclusion if necessary.
> My general network setup is a dsl line coming into an ActionTec dsl
> modem gateway doing NAT. The dsl gateway has a simple firewall
> configuration utility which is set to allow ntp through. The gateway is
> then connected into my network switch (Dell 24 port unmanaged switch) in
> which my server (Dell PE2600) is also connected. The server is running
> RHEL 3, completely up to date. It appears that the IPtables rules on
> the server is blocking the ntp communication. Do I need to have both an
> INPUT and OUTPUT rule in iptables, or just one of these? I searched
> through the ntp.org site and could not find any firewall examples.
> Other google searches turned up a lot of conflicting information, some
> indicated that I did not need an INPUT rule because I am not a time
> server to the public. I want to be careful about changing my iptables
> as I understand I could cause more problems not knowing exactly what I
> am doing. My current iptables rules are pretty basic since we rely on
> the gateway firewall. I can forward a copy of my iptables rules to
> someone willing to help me, but did not want to post it publicly. If
> anyone can provide a firewall rule example and an explanation of the
> rule I would appreciate it. Thanks.
> Jeff Boyce
> questions mailing list
> questions at lists.ntp.isc.org
The stock RHEL 3 comes with an old version of nptd and a script that
starts it. That script makes changes to the firewall to allow NTP when
it starts. When the script shuts it down the firewall is restored. You
don't have to use the antique ntpd but you do have to use the script
unless you know enough to successfully tinker with the firewall.
The documentation for the firewall appears to have been written for
someone who already knows a great deal about it!!!
More information about the questions