On Tue, Dec 4, 2012 at 2:29 PM, Rajagopal Swaminathan <
raju.rajsand at gmail.com> wrote:
> Greetings,
>
> Please treat this post with kid gloves as I am a bit rusty of late on
> CentOS and the last NTP server that I worked on was during CentOS 5.1 days.
>
> I am going to have to install CentOS 6.3 in the coming week in an all-Windows
> environment.
>
> This box will be running glpi and ocs-inventory.
>
> I am planning to have two NICs: one facing the raw internet and the other on a
> Private LAN.
It's not necessary to have two NICs unless you're setting it up as your
firewall. Do as you see fit.
>
> I want this box (as NTP Client) to get time through NTP from the raw
> internet using ADSL.
>
Take a look at /etc/ntp.conf ... it has comments that document it well.
Add time sources (servers) to your ntp.conf [0]. I've read recommendations
to have at least eight time sources, but definitely have three (CentOS
defaults to three).
It's generally recommended to select servers from the public NTP pool [1].
Consider adding restrictions [2] to go along with each time source to
secure it.
> I want this box to be the primary NTP server for the private LAN.
>
If you're using DHCP to assign addresses then you can set the ntp server
option. Since you have a group of servers I find it unlikely you're using
DHCP. You'll probably have to use Group Policy or any other method to set
the time server on your Windows boxes.
> None of the packets should pass from the LAN to the Internet or vice versa.
> IOW, no routing should be there.
>
> If it works, perhaps at a future date, maybe an instance of squid proxy.
>
> I don't mind all the ports being open for the Private LAN, or is that a bad
> idea?
>
It's best practice to implement firewall rules that only open up what needs
to be accessible.
Certainly add an iptables rule for UDP port 123 that allows your LAN
subnet(s).
> I am not sure if there is a DNS in this whole scenario
>
I strongly suggest you refer to your internal NTP server by its domain
name. This will make it easy to point clients at a different physical host
by updating a DNS record.
> And yes, all the Windows boxen (a few w2k3, XP) in the LAN would have to
> synchronise time with this CentOS box.
>
> Is it possible?
>
> If so, what would typical config files for eth0, eth2, and firewall(s) look
> like?
>
>
So it seems...
Are you making this box into a firewall / NAT host?
[0] http://support.ntp.org/bin/view/Support/ConfiguringNTP
[1] http://www.pool.ntp.org/en/
[2] http://support.ntp.org/bin/view/Support/AccessRestrictions
> --
> Regards,
>
> Rajagopal
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
---~~.~~---
Mike
// SilverTip257 //
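For the ntp.conf access restrictions and the UDP 123 iptables rule described in the reply above, here is an added example (not code from either poster) that renders both from a shell script, plus a check that the default restrict line actually denies queries and modification. It assumes the LAN is 192.168.1.0/24 on eth1 and the internet side is eth0; the 0/1/2.centos.pool.ntp.org hostnames are the CentOS defaults.

```shell
#!/bin/sh
# Added example: generate an ntp.conf and iptables rules for a LAN-facing
# NTP server that syncs from the public pool. Assumed topology: LAN on
# eth1 (192.168.1.0/24), internet on eth0. Nothing here is applied; the
# functions only print, so review the output before installing it.

# Print an ntp.conf with default-deny restrictions, a LAN restriction that
# lets clients sync but not reconfigure the daemon, and three pool sources.
gen_ntp_conf() {
    lan_net="$1"; lan_mask="$2"
    cat <<EOF
driftfile /var/lib/ntp/drift
# Default: deny everything except time service (kod, noquery, nomodify).
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
# LAN clients may sync but not modify or query daemon state.
restrict $lan_net mask $lan_mask nomodify notrap
EOF
    # One restrict line per upstream source, as the ntp.org docs suggest.
    for i in 0 1 2; do
        echo "server $i.centos.pool.ntp.org iburst"
        echo "restrict $i.centos.pool.ntp.org nomodify notrap noquery"
    done
}

# Print iptables commands: accept NTP only from the LAN subnet on the LAN
# NIC, allow replies to our own upstream queries, drop other inbound NTP
# on the internet NIC, and refuse to forward between the two interfaces.
gen_iptables_rules() {
    lan_cidr="$1"; lan_if="$2"; wan_if="$3"
    cat <<EOF
iptables -A INPUT -i $lan_if -s $lan_cidr -p udp --dport 123 -j ACCEPT
iptables -A INPUT -i $wan_if -p udp --sport 123 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i $wan_if -p udp --dport 123 -j DROP
iptables -P FORWARD DROP
sysctl -w net.ipv4.ip_forward=0
EOF
}

# Return 0 only if the conf has a default restrict line carrying both
# noquery and nomodify (i.e. the daemon is not openly queryable/modifiable).
check_ntp_conf() {
    conf="$1"
    echo "$conf" | grep -q '^restrict default .*noquery' || return 1
    echo "$conf" | grep -q '^restrict default .*nomodify' || return 1
    return 0
}

conf=$(gen_ntp_conf 192.168.1.0 255.255.255.0)
echo "$conf"
gen_iptables_rules 192.168.1.0/24 eth1 eth0
```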