Gui for configuring NTP

jdow jdow at earthlink.net
Sat Dec 10 01:12:50 UTC 2005


From: "Scot L. Harris" <webid at cfl.rr.com>

> On Fri, 2005-12-09 at 19:12, jdow wrote:
>> From: "Paul Smith" <phhs80 at gmail.com>
>> 
> 
>> >> > Is your iptables open for NTP?
>> >> > I have this:
>> >> > -A INPUT -s 66.187.233.4 -p udp -m udp --sport 123 --dport 123 -j ACCEPT
>> >> > -A INPUT -s 66.187.224.4 -p udp -m udp --sport 123 --dport 123 -j ACCEPT
>> 
>> 
>> 
>> NOTE: that is only good if you have "clock1.redhat.com" as your clock
>> server. Make it correct for the clock server you select. You may have to
>> make it a range of addresses.
>> 
> 
> Why would you need to open these ports to have your system update it's
> time using NTP?  My systems seem to get NTP updates just fine sitting
> behind a firewall that does not have these ports opened.

I've seen some firewall setups wherein this was a problem. I have my
firewall setup so that it is not a problem. But I am just passing along
the benefits of long experience. That is why I suggested the various
ntpq and ntpdate tests along with watching for firewall messages.

I've been using ntp since the xntp days and have seen all manner of silly
problems.

{^_^}




More information about the fedora-list mailing list