Shorewall users - Aug 2003 - How to let ntpd work through shorewall?

How do I make ntpd work through a shorewall firewall on another machine.

thanks

On 3 Aug 2003 at 15:45, cmisip wrote:
> How do I make ntpd work through a shorewall firewall on another
> machine.
> 
> thanks
Something like this might work...

ACCEPT          loc     net              tcp     time

But I haven''t tried that yet, so its speculation.

Also, given the ease of setting up ntpd, you should
NOT do that, but rather set up your firewall as a time server
and avoid hammering the public time servers with all your
hosts.  Use these rules:

ACCEPT          loc     fw              tcp     time
ACCEPT          fw      net             tcp     time

Then put your time servers in ntp.conf and enable
ntpd as one of your services.

-- 
______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386

._______________________________________
John S. Andersen
NORCOM  mailto:JAndersen@norcomsoftware.com
Juneau, Alaska
http://www.screenio.com/

John S. Andersen wrote:
>>How do I make ntpd work through a shorewall firewall on another
>>machine.
> 
> Something like this might work...
> 
> ACCEPT          loc     net              tcp     time
Make this

ACCEPT          loc     net              udp     ntp
> But I haven''t tried that yet, so its speculation.
> 
> Also, given the ease of setting up ntpd, you should
> NOT do that, but rather set up your firewall as a time server
> and avoid hammering the public time servers with all your
> hosts.  Use these rules:
> 
> ACCEPT          loc     fw              tcp     time
> ACCEPT          fw      net             tcp     time
ACCEPT          loc     fw              udp     ntp
ACCEPT          fw      net             udp     ntp
> Then put your time servers in ntp.conf and enable
> ntpd as one of your services.

-- 
Groeten,
Peter

-- 
Computer possessed? Try DEVICE=C:\EXOR.SYS

---
--- Heb je een Sony Digital video camera ?
--- Kijk eens op http://www.dvin.org
--- Kijk ook op http://www.lindeman.org
--- ICQ 22383596
--- Uptime lindeman.org - 210 days, 21 hours and 51 minutes, 0 users 
logged in.

On Sun, 03 Aug 2003 12:57:17 -0800, John S. Andersen 
<jsa@norcomix.dyndns.org> wrote:
> On 3 Aug 2003 at 15:45, cmisip wrote:
>
>> How do I make ntpd work through a shorewall firewall on another
>> machine.
>>
>> thanks
>
> Something like this might work...
>
> ACCEPT          loc     net              tcp     time
>
See http://shorewall.net/ports.htm -- the tcp time service has nothing to 
do with NTP. NTP uses UDP and has it''s own entry in /etc/services.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Sunday 03 August 2003 06:35 pm, Tom Eastep wrote:
> On Sun, 03 Aug 2003 12:57:17 -0800, John S. Andersen
>
> <jsa@norcomix.dyndns.org> wrote:
> > On 3 Aug 2003 at 15:45, cmisip wrote:
> >> How do I make ntpd work through a shorewall firewall on another
> >> machine.
> >>
> >> thanks
> >
> > Something like this might work...
> >
> > ACCEPT          loc     net              tcp     time
>
> See http://shorewall.net/ports.htm -- the tcp time service has nothing to
> do with NTP. NTP uses UDP and has it''s own entry in /etc/services.
>
> -Tom
One little gotcha is the inetd or xinetd setup. ?Have you made sure your 
/etc/inetd.conf or /etc/xinetd.d/time, whichever you use, has the line for 
the time thing uncommented or enabled?

ra

Richard schrieb:
> 
> On Sunday 03 August 2003 06:35 pm, Tom Eastep wrote:
> > On Sun, 03 Aug 2003 12:57:17 -0800, John S. Andersen
> >
> > <jsa@norcomix.dyndns.org> wrote:
> > > On 3 Aug 2003 at 15:45, cmisip wrote:
> > >> How do I make ntpd work through a shorewall firewall on
another
> > >> machine.
> > >>
> > >> thanks
> > >
> > > Something like this might work...
> > >
> > > ACCEPT          loc     net              tcp     time
> >
> > See http://shorewall.net/ports.htm -- the tcp time service has nothing
to
> > do with NTP. NTP uses UDP and has it''s own entry in
/etc/services.
> >
> > -Tom
> 
> One little gotcha is the inetd or xinetd setup.  Have you made sure your
> /etc/inetd.conf or /etc/xinetd.d/time, whichever you use, has the line for
> the time thing uncommented or enabled?
ntpd has nothing to do with inetd/xinetd.

Simon
> 
> ra
> 
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe:
http://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm