ntpd and firewall

David Hoffman dhoffman2004 at gmail.com
Fri Jan 28 13:41:53 UTC 2005


On Fri, 28 Jan 2005 12:48:27 +0200, Markku Kolkka <markkuk at tuubi.net> wrote:
> Joel Stookey wrote in his message (sent Friday, 28
> January 2005 07:37):
> > I am running a workstation FC1 installation on a dial-up
> > connection and want to connect ntpd to a server for a time
> > correction.  I think I have it worked out except for how to
> > assure that UDP port 123 will open for it
> 
> This is only needed if you want to use your machine as an NTP
> server for other machines. You can make NTP queries from your
> machine to NTP servers without changing anything in the default
> firewall configuration.
> 

I'll second that. If the original poster's intentions are to simply
make an outbound connection to ANOTHER NTP Server, then he does not
have to change anything on his firewall. Unless, of course, the
firewall has been strictly locked down to only allow outbound traffic
on certain ports. Traffic coming FROM your machine to the internet
should be trusted, and with a stateful firewall, when you establish a
connection to an outside connection, the return traffic should be
automatically accepted.

So basically, you can't receive incoming traffic on UDP:123, but if
you make an outbound connection from your machine to 123.45.67.89:123,
you are telling your firewall to allow traffic to come back from
123.45.67.89:123 and it should allow it.

Again, the only caveat here is that it is assumed your firewall has
not been locked down any tighter than normal.

-- 


David
-----------------------------------------------------------------------
There are only 10 kinds of people in this world,
those who understand binary, and those who don't.
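
Added example, not part of the original message: a small Python model of the stateful behaviour described above, in which an outbound NTP query to 123.45.67.89:123 creates a flow entry that lets the reply back in while unsolicited traffic to UDP 123 is dropped. The client and third-party addresses, the 30-second idle timeout and the class and function names are assumptions made for illustration; this is a model, not a real firewall.

```python
from dataclasses import dataclass, field

UDP_TIMEOUT = 30.0  # assumed idle timeout (seconds) for a tracked UDP flow


@dataclass
class StatefulFilter:
    # Inbound ports opened on purpose (only needed when serving other hosts).
    open_inbound_ports: set = field(default_factory=set)
    # Flow table: (local_ip, local_port, remote_ip, remote_port) -> last seen
    flows: dict = field(default_factory=dict)

    def outbound(self, src, sport, dst, dport, now):
        """Outbound traffic is trusted; remember the flow so replies match."""
        self.flows[(src, sport, dst, dport)] = now
        return "ACCEPT"

    def inbound(self, src, sport, dst, dport, now):
        """Accept replies to tracked flows, or traffic to an opened port."""
        key = (dst, dport, src, sport)  # the same flow seen from the inside
        seen = self.flows.get(key)
        if seen is not None and now - seen <= UDP_TIMEOUT:
            self.flows[key] = now  # refresh the entry
            return "ACCEPT"
        self.flows.pop(key, None)  # drop a stale entry if there was one
        if dport in self.open_inbound_ports:
            return "ACCEPT"
        return "DROP"


def demo():
    """Constructed packet sequence for a client that only queries a server."""
    fw = StatefulFilter()  # default: no inbound ports opened
    client = "192.0.2.10"    # constructed address (documentation range)
    server = "123.45.67.89"  # the example server address from the message
    other = "198.51.100.7"   # constructed unrelated host
    return [
        fw.outbound(client, 123, server, 123, now=0.0),   # our NTP query
        fw.inbound(server, 123, client, 123, now=0.2),    # its reply
        fw.inbound(other, 123, client, 123, now=0.3),     # unsolicited
        fw.inbound(server, 123, client, 123, now=100.0),  # after the timeout
    ]


if __name__ == "__main__":
    print(demo())
```

Putting 123 in open_inbound_ports corresponds to the case mentioned in the quoted reply, where the machine acts as an NTP server for other machines.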



