[CentOS] NTP server problem behind firewall

Artifex Maximus

artifexor at gmail.com
Sun Sep 2 07:46:51 UTC 2012


Hello!

I would like to setup an NTP server for my Windows network using
CentOS 6.3 with firewall turned on. As I learned the NTP protocol uses
port 123 UDP. I have two NIC cards. One for internal network and one
for access internet. Both cards in private address range. The problem
is when I am using firewall described below the client cannot access
the server. No idea why. Without firewall everything works flawless.
So the problem is not in the NTP configuration. No idea why but with
disabled firewall the first query gives error but all other query is
work. I am using arpwatch to see what is happen on network (new
machines and so). Not know is that related to the problem or not.

First I had used the system-config-firewall generated firewall
(standard firewall with port 123:udp added). No success, client cannot
connect.

Next I made a script for myself and saved with 'service iptables save'
command. The configuration is:

eth0 10.0.0.99/24
eth1 10.0.1.10/24

The script for making firewall rules:
iptables -P INPUT ACCEPT
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -s 10.0.0.0/24 -p udp --dport 123 -j ACCEPT
iptables -A INPUT -i eth0 -s 10.0.0.0/24 -p tcp --dport 123 -j ACCEPT
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables
denied: " --log-level 7
iptables -A INPUT -j DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

Windows client time server is set to 10.0.0.99. Just for sure I
enabled 123 TCP as well even I think that was unnecessary. The rule
which related to NTP (123 UDP) increments its packet and byte count
with 'iptables -L -n -v' so some connection was made. But no success
on sync.

Any idea what is wrong?

Bye,
a



More information about the CentOS mailing list