Greetings,
Please treat this post with kid gloves as I am a bit rusty of late on CentOS and the last NTP server that I worked on was during the CentOS 5.1 days.
I am going to have to install CentOS 6.3 in the coming week in an all-Windows environment.
This box will be running glpi and ocs-inventory.
I am planning to have two NICs: one facing the raw internet and the other on a private LAN.
I want this box (as NTP client) to get time through NTP from the raw internet using ADSL.
I want this box to be the primary NTP server for the private LAN.
None of the packets should traverse from LAN to Internet or vice versa. IOW, no routing should be there.
If it works, perhaps at a future date, maybe an instance of squid proxy.
I don't mind all the ports being open for the private LAN, or is that a bad idea?
I am not sure if there is a DNS in this whole scenario.
And yes, all the Windows boxen (a few w2k3, XP) in the LAN would have to synchronise time with this CentOS bo
Is it possible?
If so, what would typical config files for eth0, eth2, firewall(s) look like?
On Tue, Dec 4, 2012 at 2:29 PM, Rajagopal Swaminathan <raju.rajsand@gmail.com> wrote:
> Greetings,
> Please treat this post with kid gloves as I am a bit rusty of late on CentOS and the last NTP server that I worked on was during the CentOS 5.1 days.
> I am going to have to install CentOS 6.3 in the coming week in an all-Windows environment.
> This box will be running glpi and ocs-inventory.
> I am planning to have two NICs: one facing the raw internet and the other on a private LAN.
It's not necessary to have two NICs unless you're setting it up as your firewall. Do as you see fit.
> I want this box (as NTP client) to get time through NTP from the raw internet using ADSL.
Take a look at /etc/ntp.conf ... it has comments that document it well. Add time sources (servers) to your ntp.conf [0]. I've read recommendations to have at least eight time sources, but definitely have three (CentOS defaults to three). It's generally recommended to select servers from the public NTP pool [1]. Consider adding restrictions [2] to go along with each time source to secure it.
> I want this box to be the primary NTP server for the private LAN.
If you're using DHCP to assign addresses then you can set the ntp server option. Since you have a group of servers I find it unlikely you're using DHCP. You'll probably have to use Group Policy or any other method to set the time server on your Windows boxes.
> None of the packets should traverse from LAN to Internet or vice versa. IOW, no routing should be there.
> If it works, perhaps at a future date, maybe an instance of squid proxy.
> I don't mind all the ports being open for the private LAN, or is that a bad idea?
It's best practice to implement firewall rules that only open up what needs to be accessible. Certainly add an iptables rule for UDP port 123 that allows your LAN subnet(s).
> I am not sure if there is a DNS in this whole scenario.
I strongly suggest you refer to your internal NTP server by its domain name. This will make it easy to point clients at a different physical host by updating a DNS record.
> And yes, all the Windows boxen (a few w2k3, XP) in the LAN would have to synchronise time with this CentOS bo
> Is it possible?
> If so, what would typical config files for eth0, eth2, firewall(s) look like?
So it seems... Are you making this box into a firewall / NAT host?
[0] http://support.ntp.org/bin/view/Support/ConfiguringNTP
[1] http://www.pool.ntp.org/en/
[2] http://support.ntp.org/bin/view/Support/AccessRestrictions
> --
> Regards,
> Rajagopal
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
---~~.~~--- Mike // SilverTip257 //
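
The setup discussed in this thread, as an added example that is not part of either post: a small script that prints an `/etc/ntp.conf` and an `/etc/sysconfig/iptables` for a non-routing NTP server that serves only the LAN. It assumes eth2 is the LAN-side NIC and uses a constructed LAN subnet of 192.168.10.0/24; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: eth2 is the LAN-side NIC and
# the LAN is 192.168.10.0/24 (constructed values; adjust before use).
LAN_IF=eth2
LAN_NET=192.168.10.0
LAN_MASK=255.255.255.0
LAN_CIDR=192.168.10.0/24

# Prints a body for /etc/ntp.conf.
render_ntp_conf() {
cat <<EOF
driftfile /var/lib/ntp/drift
# Default for every address, the pool sources included: they may supply
# time but may not query, modify or peer with this daemon.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Full access from the box itself.
restrict 127.0.0.1
restrict -6 ::1
# LAN clients may request time and read status, not reconfigure ntpd.
restrict ${LAN_NET} mask ${LAN_MASK} nomodify notrap
# Upstream time sources, reached over the ADSL link.
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org
EOF
}

# Prints a body for /etc/sysconfig/iptables. FORWARD drops everything, and
# net.ipv4.ip_forward stays 0 in /etc/sysctl.conf, so nothing is routed.
render_iptables() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# NTP from the LAN only; add other LAN-side services the same way.
-A INPUT -i ${LAN_IF} -s ${LAN_CIDR} -p udp --dport 123 -j ACCEPT
COMMIT
EOF
}

# Usage: sh render.sh ntp > /etc/ntp.conf ; sh render.sh fw > /etc/sysconfig/iptables
case "${1:-}" in
  ntp) render_ntp_conf ;;
  fw)  render_iptables ;;
esac
```

Replies from the pool servers reach ntpd through the ESTABLISHED,RELATED rule, so no inbound port is opened on the internet-facing interface.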