Markku Kolkka wrote:
Joel Stookey wrote in his message (sent Friday, 28 January 2005 07:37):
I am running a workstation FC1 installation on a dial-up
connection and want to connect ntpd to a server for a time
correction. I think I have it worked out except for how to
assure that UDP port 123 will open for it
This is only needed if you want to use your machine as an NTP
server for other machines. You can make NTP queries from your
machine to NTP servers without changing anything in the default
firewall configuration.
POSSIBLY not true. Remember that you need to allow packets in
both directions for both the client and server cases.
Technical explanation:
When using the "ipchains" version of the
firewall, there is no "stateful filtering", so you need to allow
packets in both directions specifically, either through a default
allow policy (often used for outgoing) or through individual
rules for the incoming.
When using the "iptables" version of firewall, which is normally
configured with "connection tracking", the statement becomes true.
A client sends a packet, and the connection tracking remembers
the outgoing packet and automatically punches the incoming
reply to the client through the firewall (provided it arrives
"soon enough", which from my experience it normally does.)
UNFORTUNATELY, I don't remember which version of firewall
(ipchains or iptables) is installed by default for fc ONE
(which was specified in the original query) and I have no
way of knowing whether this was changed by the author of the
question.
ALSO, at some point Fedora did introduce a thing that automatically
punched holes in the firewall based on the servers specified
in the ntp configuration. Note that this is unnecessary
for the iptables firewall, however (see above), which if
I recall correctly, is where it was introduced.
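The two rule styles contrasted in the reply above, written out as an added example (this is not code from the thread or from Fedora's own scripts). It assumes a placeholder server address, that ntpd sends its queries from UDP source port 123 (so replies travel 123 -> 123), and that the functions only print the commands unless APPLY=1 is set by root. The conntrack timeout file name is the one used by the 2.4/2.6-era ip_conntrack module; the fallback value of 30 seconds is that module's default for an unreplied UDP flow.

```shell
#!/bin/sh
# Added example: firewall rules for an NTP client, stateless vs stateful style.
# NTP_SERVER is a placeholder from TEST-NET-1 (an assumption, not a real server).
NTP_SERVER="${NTP_SERVER:-192.0.2.10}"
APPLY="${APPLY:-0}"   # 0 = just print the commands, 1 = really run them (root)

run() {
    if [ "$APPLY" = "1" ]; then "$@"; else echo "$*"; fi
}

# ipchains has no connection tracking: the query out AND the reply back
# must each match an explicit rule (or a default-accept policy).
# Assumes ntpd binds UDP 123 as its source port, so the reply is 123 -> 123.
ntp_client_rules_ipchains() {
    run ipchains -A output -p udp -s 0.0.0.0/0 123 -d "$NTP_SERVER" 123 -j ACCEPT
    run ipchains -A input  -p udp -s "$NTP_SERVER" 123 -d 0.0.0.0/0 123 -j ACCEPT
}

# iptables with connection tracking: the outgoing query creates a conntrack
# entry, and the reply matches ESTABLISHED, so no per-server inbound rule.
ntp_client_rules_iptables() {
    run iptables -A OUTPUT -p udp --dport 123 -j ACCEPT
    run iptables -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Only needed if this host should answer other machines: an unsolicited
# query has no conntrack entry, so it needs its own inbound rule.
ntp_server_rules_iptables() {
    run iptables -A INPUT -p udp --dport 123 -j ACCEPT
}

# "Soon enough" means: before the UDP conntrack entry for the query expires.
conntrack_udp_timeout() {
    cat /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout 2>/dev/null \
        || echo 30   # ip_conntrack default (seconds) when the file is absent
}

# Print all three rule sets (APPLY=0 by default, so nothing is changed).
echo "# ipchains (stateless) NTP client:";  ntp_client_rules_ipchains
echo "# iptables (stateful) NTP client:";   ntp_client_rules_iptables
echo "# iptables NTP server (optional):";   ntp_server_rules_iptables
echo "# reply must arrive within $(conntrack_udp_timeout) s of the query"
```

On a dial-up host the interesting check is the last line: if a reply takes longer than the UDP conntrack timeout, the stateful rule will not let it in and you would need the explicit ipchains-style inbound rule even on iptables.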