Howdy,

On Fri, 2005-12-09 at 18:40 -0600, Nathaniel Hall wrote:
> Scot L. Harris wrote:
> > On Fri, 2005-12-09 at 19:12, jdow wrote:
> > > From: "Paul Smith" <phhs80@xxxxxxxxx>
> > >
> > > > Is your iptables open for NTP?
> > >
> > > I have this:
> > >
> > > -A INPUT -s 66.187.233.4 -p udp -m udp --sport 123 --dport 123 -j ACCEPT
> > > -A INPUT -s 66.187.224.4 -p udp -m udp --sport 123 --dport 123 -j ACCEPT
> > >
> > > NOTE: that is only good if you have "clock1.redhat.com" as your clock
> > > server. Make it correct for the clock server you select. You may have to
> > > make it a range of addresses.
> >
> > Why would you need to open these ports to have your system update its
> > time using NTP? My systems seem to get NTP updates just fine sitting
> > behind a firewall that does not have these ports opened.
>
> Then it isn't a firewall. Well, I guess it could be, but it is a very
> poor firewall. I'll almost guarantee that the ports are open, you
> just don't know it.

That simply isn't so. All my systems are sitting behind a hardware
firewall & I can guarantee that the ports are not open. The thing is,
the firewall will cheerfully pass a request to the outside from a client
system & return whatever is requested, unless some sort of rule is set
explicitly telling it not to do so. This is the way a firewall is
supposed to work.

taharka
Lexington, Kentucky U.S.A.
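
Added example (not part of the original thread, and not any poster's code): a small Python model of the two behaviours argued about above, the static source-pinned rule that jdow posted and the request-tracking behaviour taharka describes. The addresses, the 30-second idle timeout and every class and function name are assumptions made for illustration.

```python
"""Constructed model: static inbound NTP rule vs. tracking of outbound requests."""
from dataclasses import dataclass

NTP_PORT = 123
UDP_TIMEOUT = 30  # seconds; assumed idle timeout for a tracked UDP flow


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def static_rule(pkt, server):
    """Stateless rule in the style quoted in the thread: accept UDP 123 -> 123
    from one server address, whether or not anything was requested."""
    return pkt.src == server and pkt.sport == NTP_PORT and pkt.dport == NTP_PORT


class StatefulFirewall:
    """Default-deny inbound; every outbound packet creates a tracked flow."""

    def __init__(self, timeout=UDP_TIMEOUT):
        self.timeout = timeout
        self.flows = {}  # (remote, rport, local, lport) -> last-seen time

    def outbound(self, pkt, now):
        self.flows[(pkt.dst, pkt.dport, pkt.src, pkt.sport)] = now
        return True

    def inbound(self, pkt, now):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        seen = self.flows.get(key)
        if seen is None or now - seen > self.timeout:
            self.flows.pop(key, None)  # no matching request, or the flow expired
            return False
        self.flows[key] = now  # reply matches a recent request: refresh and pass
        return True


def demo():
    client, server = "192.0.2.10", "198.51.100.4"  # constructed documentation addresses
    fw = StatefulFirewall()
    request = Packet(client, NTP_PORT, server, NTP_PORT)
    reply = Packet(server, NTP_PORT, client, NTP_PORT)
    results = {"unsolicited_static": static_rule(reply, server),
               "unsolicited_stateful": fw.inbound(reply, now=0)}
    fw.outbound(request, now=1)
    results["reply_stateful"] = fw.inbound(reply, now=2)
    results["late_stateful"] = fw.inbound(reply, now=2 + UDP_TIMEOUT + 1)
    return results


if __name__ == "__main__":
    print(demo())
```

In this model the static rule accepts a packet from the server address even when no request was sent, while the tracking firewall passes only a reply to a recent outbound request and needs no inbound port 123 rule at all.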