[ntp:questions] My ntpd stopped working

Dennis Hilberg, Jr. timekeeper at dennishilberg.com.invalid
Thu Sep 20 03:59:05 UTC 2007


rasmus wrote:
> On 19 Sep., 21:32, Jan Ceuleers <janspam.ceule... at skynet.be> wrote:
>> rasmus wrote:
>>>> The _first_ rule in your INPUT chain needs to explicitly allow all
>>>> traffic to 123/UDP. Something like this:
>>> Sorry, I was unclear. The rule I referred to was one that allowed udp/
>>> 123 traffic. So I have a rule exactly matching what you wrote at the
>>> head of my INPUT chain. I can see traffic reach my ntpd and I can log
>>> packets with sport 123 in my OUTPUT filter.
>> You misunderstand. The rule only accepts packets that are related to an
>> ongoing connection. You need to accept ALL packets destined to UDP port
>> 123 (while retaining the stateful firewalling on all other traffic).
>>
>> So please do take Steve's advice and insert a -j ACCEPT rule matching
>> only UDP port 123 traffic at the start of your INPUT chain.
> 
> If I do misunderstand, then I am confused :) More probably, I am not
> explaining myself properly.
> Snippets from my iptables:
> 
> 67462 5124K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:123
> ....
>   83M   40G ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
> 
> So, unless I misunderstand :), I think I have the setup you advocate.
> 
> Cheers,
>   Rasmus
> 

You had it working a few hours ago, I could query your server and use it as 
a time source.  I get request timed out now, however.

Have you tried this for IPTables?  http://easyfwgen.morizot.net/gen/

-- 
Dennis Hilberg, Jr.	 timekeeper(at)dennishilberg(dot)com
NTP Server Information:  http://saturn.dennishilberg.com/ntp.php
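
Added example (not part of the original message or of any poster's setup): a Python check of the rule ordering discussed in this thread, run over a saved `iptables -L INPUT -v -n` listing. The sample listings are constructed, the function names are hypothetical, and the DROP/REJECT test is a simplification that only looks at protocol, interface, source, and the `dpt:`/`state` match text.

```python
# Constructed samples in the column layout of `iptables -L INPUT -v -n`.
# GOOD repeats the two rules quoted in the thread plus a made-up final DROP.
GOOD = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
67462 5124K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:123
  83M   40G ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""
# BAD: the udp/123 ACCEPT exists but sits behind a DROP that already matched.
BAD = """\
  83M   40G ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
  912 69312 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:123
"""
# STATE_ONLY: only replies to existing flows are accepted, so new queries fail.
STATE_ONLY = BAD.splitlines()[0] + "\n"

def parse_rules(listing):
    """Turn listing rows into dicts; chain and column headers are skipped."""
    rules = []
    for line in listing.splitlines():
        f = line.split(None, 9)  # 9 fixed columns, then the match text
        if len(f) < 9 or not f[0][0].isdigit():
            continue
        rules.append({"pkts": f[0], "target": f[2], "prot": f[3], "in": f[5],
                      "src": f[7], "extra": f[9].strip() if len(f) > 9 else ""})
    return rules

def check_ntp(listing):
    """Return (ok, reason): can unsolicited UDP/123 packets get through INPUT?"""
    for n, r in enumerate(parse_rules(listing), 1):
        anywhere = r["in"] == "*" and r["src"] == "0.0.0.0/0"
        if (r["target"] == "ACCEPT" and r["prot"] == "udp" and anywhere
                and r["extra"] == "udp dpt:123"):
            return True, f"rule {n} accepts all udp/123 ({r['pkts']} pkts so far)"
        # A broad DROP/REJECT ahead of the NTP rule wins, because the first match decides.
        if (r["target"] in ("DROP", "REJECT") and r["prot"] in ("udp", "all")
                and anywhere and "dpt:" not in r["extra"]
                and "state" not in r["extra"]):
            return False, f"rule {n} ({r['target']}) matches before any udp/123 ACCEPT"
    return False, "no unconditional ACCEPT for udp dpt:123 in this chain"

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD), ("STATE_ONLY", STATE_ONLY)):
        print(name, check_ntp(sample))
```

A non-zero packet counter on the accepting rule, as in the first sample, shows that queries reach the chain, so a client timeout then points at the reply path or at ntpd itself rather than at INPUT filtering.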
