On 2.9.2012 18:22, Artifex Maximus wrote:
On Sun, Sep 2, 2012 at 2:33 PM, Markus Falb markus.falb-fSWCc0FX9k8@public.gmane.org wrote:
On 2.9.2012 09:46, Artifex Maximus wrote:
Hello!
I would like to set up an NTP server for my Windows network using CentOS 6.3 with the firewall turned on.
...
The script for making firewall rules:
iptables -P INPUT ACCEPT
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -s 10.0.0.0/24 -p udp --dport 123 -j ACCEPT
iptables -A INPUT -i eth0 -s 10.0.0.0/24 -p tcp --dport 123 -j ACCEPT
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
iptables -A INPUT -j DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
You must ACCEPT ntp in the FORWARD chain.
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-6.html
Thanks. Why?
...
The packet destination is my server because the NTP server is there, so it passes to the input box where 123 UDP is enabled. If I read the how-to correctly.
I thought you wanted to forward to another host. I think I was confused because you mentioned the 2 NIC cards. Sorry.
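
The chain selection discussed in this thread, as an added example that is not part of the original messages: a small first-match model of the INPUT rules from the script, run over constructed packets. The server addresses, the eth1 interface name and the sample packets are assumptions made for the illustration.

```python
import ipaddress

# Constructed: the server's own addresses (the thread does not give them).
LOCAL_ADDRS = {"127.0.0.1", "10.0.0.1", "198.51.100.2"}

# INPUT rules from the script in the thread, in order; first match decides.
# The LOG rule is left out because it never ends chain traversal.
INPUT_RULES = [
    {"in": "lo", "target": "ACCEPT"},
    {"state": ("ESTABLISHED", "RELATED"), "target": "ACCEPT"},
    {"proto": "tcp", "dport": 22, "target": "ACCEPT"},
    {"in": "eth0", "src": "10.0.0.0/24", "proto": "udp", "dport": 123, "target": "ACCEPT"},
    {"in": "eth0", "src": "10.0.0.0/24", "proto": "tcp", "dport": 123, "target": "ACCEPT"},
    {"target": "DROP"},
]

def matches(rule, pkt):
    """True when every condition present in the rule holds for the packet."""
    if "src" in rule:
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["src"]):
            return False
    if "state" in rule and pkt["state"] not in rule["state"]:
        return False
    return all(rule[k] == pkt[k] for k in ("in", "proto", "dport") if k in rule)

def verdict(pkt):
    """Return (chain, target) for a packet arriving on an interface."""
    if pkt["dst"] not in LOCAL_ADDRS:
        # Not addressed to this host: only FORWARD applies (no rules, policy DROP).
        return ("FORWARD", "DROP")
    for rule in INPUT_RULES:
        if matches(rule, pkt):
            return ("INPUT", rule["target"])
    return ("INPUT", "ACCEPT")  # INPUT policy; never reached after the final DROP

def pkt(src, dst, iface, proto="udp", dport=123, state="NEW"):
    return {"src": src, "dst": dst, "in": iface, "proto": proto, "dport": dport, "state": state}

# Constructed sample packets.
SAMPLES = {
    "client query": pkt("10.0.0.50", "10.0.0.1", "eth0"),
    "outside subnet": pkt("192.0.2.7", "10.0.0.1", "eth0"),
    "wrong NIC": pkt("10.0.0.50", "10.0.0.1", "eth1"),
    "upstream reply": pkt("198.51.100.123", "198.51.100.2", "eth1", state="ESTABLISHED"),
    "routed elsewhere": pkt("10.0.0.50", "192.0.2.10", "eth0"),
}

if __name__ == "__main__":
    for name, p in SAMPLES.items():
        print(f"{name:17} -> {verdict(p)}")
```

On the real host, the per-rule packet counters from iptables -L INPUT -v -n show which rule the clients' NTP queries actually hit.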