From: "Scot L. Harris" <webid@xxxxxxxxxx>
On Fri, 2005-12-09 at 19:12, jdow wrote:
From: "Paul Smith" <phhs80@xxxxxxxxx>
>> > Is your iptables open for NTP?
>> > I have this:
>> > -A INPUT -s 66.187.233.4 -p udp -m udp --sport 123 --dport 123 -j ACCEPT
>> > -A INPUT -s 66.187.224.4 -p udp -m udp --sport 123 --dport 123 -j ACCEPT
NOTE: that is only good if you have "clock1.redhat.com" as your clock
server. Make it correct for the clock server you select. You may have to
make it a range of addresses.
Why would you need to open these ports to have your system update its
time using NTP? My systems seem to get NTP updates just fine sitting
behind a firewall that does not have these ports opened.
I've seen some firewall setups wherein this was a problem. I have my
firewall set up so that it is not a problem. But I am just passing along
the benefits of long experience. That is why I suggested the various
ntpq and ntpdate tests along with watching for firewall messages.
I've been using ntp since the xntp days and have seen all manner of silly
problems.
{^_^}
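An added example, not part of the thread: a small first-match evaluator showing why the quoted rules only admit replies from the two listed addresses, while a ruleset with a connection-tracking rule admits replies from any server the host has queried. The final DROP rule, the STATEFUL ruleset, the address 192.0.2.10 and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed rulesets in iptables-save form. PINNED is the two rules quoted in
# the thread plus an assumed final DROP; STATEFUL is an assumed reply-tracking setup.
PINNED = """\
-A INPUT -s 66.187.233.4 -p udp -m udp --sport 123 --dport 123 -j ACCEPT
-A INPUT -s 66.187.224.4 -p udp -m udp --sport 123 --dport 123 -j ACCEPT
-A INPUT -j DROP
"""
STATEFUL = """\
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
"""

def port_ok(spec, port):
    """Match a port against 'N' or an iptables 'LO:HI' range."""
    lo, sep, hi = spec.partition(":")
    if not sep:
        return int(spec) == port
    return int(lo or 0) <= port <= int(hi or 65535)

# One predicate per match option this sketch understands.
CHECKS = {
    "-s": lambda v, p: ipaddress.ip_address(p["src"]) in ipaddress.ip_network(v, strict=False),
    "-p": lambda v, p: v == p["proto"],
    "--sport": lambda v, p: port_ok(v, p["sport"]),
    "--dport": lambda v, p: port_ok(v, p["dport"]),
    "--state": lambda v, p: p["state"] in v.split(","),
    "--ctstate": lambda v, p: p["state"] in v.split(","),
}

def verdict(ruleset, server_ip):
    """First-match verdict on INPUT for an NTP reply (udp 123 -> 123) from server_ip.

    The reply is modelled as ESTABLISHED, i.e. this host sent the query first.
    Rules with negation or options not in CHECKS are skipped; jumps are not followed.
    """
    pkt = {"src": server_ip, "proto": "udp", "sport": 123, "dport": 123, "state": "ESTABLISHED"}
    for line in ruleset.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", "INPUT"] or "!" in tok or "-j" not in tok:
            continue
        j = tok.index("-j")
        target, opts = tok[j + 1], tok[2:j]
        if target in ("ACCEPT", "DROP", "REJECT") and all(
            opt == "-m" or (opt in CHECKS and CHECKS[opt](val, pkt))
            for opt, val in zip(opts[::2], opts[1::2])
        ):
            return target, line
    return "POLICY", None
```

Feed it the INPUT lines from `iptables-save` and the address of each clock server in use; a DROP or POLICY result for a server points to the rule that needs adjusting.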