Gui for configuring NTP
taharka
res00vl8 at alltel.net
Sat Dec 10 01:18:58 UTC 2005
Howdy,
On Fri, 2005-12-09 at 18:40 -0600, Nathaniel Hall wrote:
> Scot L. Harris wrote:
> > On Fri, 2005-12-09 at 19:12, jdow wrote:
> >
> > > From: "Paul Smith" <phhs80 at gmail.com>
> > >
> > >
> >
> >
> > > > > > Is your iptables open for NTP?
> > > > > > I have this:
> > > > > > -A INPUT -s 66.187.233.4 -p udp -m udp --sport 123 --dport 123 -j ACCEPT
> > > > > > -A INPUT -s 66.187.224.4 -p udp -m udp --sport 123 --dport 123 -j ACCEPT
> > > > > >
> > >
> > > NOTE: that is only good if you have "clock1.redhat.com" as your clock
> > > server. Make it correct for the clock server you select. You may have to
> > > make it a range of addresses.
> > >
> > >
> >
> > Why would you need to open these ports to have your system update it's
> > time using NTP? My systems seem to get NTP updates just fine sitting
> > behind a firewall that does not have these ports opened.
> >
> >
> >
> Then it isn't a firewall. Well, I guess it could be, but it is a very
> poor firewall. I'll almost guarantee that the ports are open, you
> just don't know it.
That simply isn't so. All my systems are sitting behind a hardware
firewall & I can guarantee that the ports are not open. The thing is,
the firewall will cheerfully pass a request to the outside from a client
system & return whatever is requested. Unless, some sort of rule is set
explicitly telling it not to do so. This is the way a firewall is
supposed to work.
taharka
Lexington, Kentucky U.S.A.
More information about the fedora-list
mailing list