Old 09-02-2012, 07:46 AM
Artifex Maximus
 
NTP server problem behind firewall

Hello!

I would like to set up an NTP server for my Windows network using
CentOS 6.3 with the firewall turned on. As I learned, the NTP protocol uses
port 123 UDP. I have two NIC cards: one for the internal network and one
for internet access. Both cards are in private address ranges. The problem
is that when I use the firewall described below the client cannot access
the server. No idea why. Without the firewall everything works flawlessly,
so the problem is not in the NTP configuration. No idea why, but with the
firewall disabled the first query gives an error but all other queries
work. I am using arpwatch to see what is happening on the network (new
machines and so on). I don't know whether that is related to the problem or not.

First I used the firewall generated by system-config-firewall
(standard firewall with port 123:udp added). No success, the client cannot
connect.

Next I made a script for myself and saved it with the 'service iptables save'
command. The configuration is:

eth0 10.0.0.99/24
eth1 10.0.1.10/24

The script for making firewall rules:
# Default-accept on INPUT while flushing, so the flush cannot lock us out
iptables -P INPUT ACCEPT
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# NTP from the internal LAN (eth0) only; UDP is what NTP actually uses
iptables -A INPUT -i eth0 -s 10.0.0.0/24 -p udp --dport 123 -j ACCEPT
iptables -A INPUT -i eth0 -s 10.0.0.0/24 -p tcp --dport 123 -j ACCEPT
# Log (rate-limited) whatever reaches the end of the chain, then drop it
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
iptables -A INPUT -j DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

The Windows client's time server is set to 10.0.0.99. Just to be sure I
enabled 123 TCP as well, even though I think that was unnecessary. The rule
related to NTP (123 UDP) increments its packet and byte count
in 'iptables -L -n -v', so some connection was made. But no success
on sync.

Any idea what is wrong?

Bye,
a
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
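A client-side check for the UDP/123 path described in the post above, added here as an example and not part of the original message: it sends a minimal NTPv3 client request, parses the server's reply (including a stratum-0 kiss-o'-death reply), and reports the server's transmit time against local time. The server address 10.0.0.99 is taken from the post; run from a host on the 10.0.0.0/24 side, a parsed reply shows that the answer actually gets back through the firewall, which the rule counters alone cannot tell you.

```python
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and the Unix epoch
NTP_PORT = 123


def build_client_request() -> bytes:
    # First byte: LI=0, VN=3, Mode=3 (client) -> 0x1b; rest of the 48-byte header is zero.
    return bytes([0x1B]) + bytes(47)


def parse_server_response(data: bytes) -> dict:
    """Decode the fields a reachability check cares about from an NTP reply."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    first = data[0]
    li, vn, mode = first >> 6, (first >> 3) & 7, first & 7
    stratum = data[1]
    if mode != 4:
        raise ValueError("not a server reply (mode %d)" % mode)
    if stratum == 0:
        # Stratum 0 means the server is unsynchronised or is sending a
        # kiss-o'-death code (an ASCII tag in the reference-identifier field).
        kod = data[12:16].decode("ascii", errors="replace")
        raise ValueError("server not usable, reference id/KoD code: %s" % kod)
    tx_sec, tx_frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    tx_unix = tx_sec - NTP_EPOCH_OFFSET + tx_frac / 2 ** 32
    return {"li": li, "version": vn, "mode": mode, "stratum": stratum,
            "transmit_time": tx_unix}


def query_ntp(host: str, timeout: float = 2.0) -> dict:
    """Send one request and return the parsed reply; raises on timeout or bad reply."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_client_request(), (host, NTP_PORT))
        data, _ = sock.recvfrom(512)
    finally:
        sock.close()
    info = parse_server_response(data)
    info["offset_seconds"] = info["transmit_time"] - time.time()
    return info


if __name__ == "__main__":
    import sys
    # Server address from the post; override on the command line if needed.
    print(query_ntp(sys.argv[1] if len(sys.argv) > 1 else "10.0.0.99"))
```

A `socket.timeout` here with incrementing UDP/123 counters on the server means the request arrived but no reply came back, which narrows the problem to the server side or the return path.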