On Tue, Dec 4, 2012 at 2:29 PM, Rajagopal Swaminathan <raju.rajsand at gmail.com> wrote:

> Greetings,
>
> Please treat this post with kid gloves as I am a bit rusty of late on
> centos and the last NTP server that I worked on was during centos 5.1 days.
>
> I am going to have to install centos 6.3 in the coming week in an all windows
> environment.
>
> This box will be running glpi and ocs-inventory.
>
> I am planning to have two NICs: one facing the raw internet and other on a
> Private LAN.

It's not necessary to have two NICs unless you're setting it up as your firewall. Do as you see fit.

> I want this box (as NTP Client) to get time through NTP from raw internet
> using ADSL.
>

Take a look at /etc/ntp.conf ... it has comments that document it well.
Add time sources (servers) to your ntp.conf [0]. I've read recommendations to have at least eight time sources, but definitely have three (CentOS defaults to three). It's generally recommended to select servers from the public NTP pool [1].
Consider adding restrictions [2] to go along with each time source to secure it.

> I want this box to be the primary NTP server for the private LAN.
>

If you're using DHCP to assign addresses then you can set the ntp server option. Since you have a group of servers I find it unlikely you're using DHCP. You'll probably have to use Group Policy or any other method to set the time server on your Windows boxes.

> none of the packet should traverse pass from LAN to Internet or vice versa.
> IOW, no routing should be there.
>
> If it works, perhaps at a future date, maybe an instance of squid proxy.
>
> I don't mind all the ports being open for the Private LAN or is that a bad
> idea?
>

It's best practice to implement firewall rules that only open up what needs to be accessible. Certainly add an iptables rule for UDP port 123 that allows your LAN subnet(s).

> I am not sure if there is a DNS in this whole scenario
>

I strongly suggest you refer to your internal NTP server by its domain name. This will make it easy to point clients at a different physical host by updating a DNS record.

> And yes all the windows boxens (few w2k3, XP) in the LAN would have to
> synchronise time with this centos bo
>
> Is it possible?
>
> If so, how would typical config files for eth0, eth2, firewall(s) look
> like?
>
>

So it seems... Are you making this box into a firewall / NAT host?

[0] http://support.ntp.org/bin/view/Support/ConfiguringNTP
[1] http://www.pool.ntp.org/en/
[2] http://support.ntp.org/bin/view/Support/AccessRestrictions

> --
> Regards,
>
> Rajagopal

---~~.~~---
Mike
// SilverTip257 //
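
Added example, not part of the original message: an /etc/ntp.conf sketch for the setup discussed above, with pool time sources, restrict lines, and the matching firewall rule for UDP port 123 shown as a comment. The LAN subnet 192.168.1.0/24 and the CentOS pool hostnames are assumptions; substitute your own.

```conf
# /etc/ntp.conf: LAN time server that syncs from the public NTP pool

driftfile /var/lib/ntp/drift

# Default policy for every address not matched by a more specific line,
# upstream time sources included. Time packets are still exchanged, but
# remote hosts cannot reconfigure ntpd (nomodify), set traps (notrap),
# mobilize unsolicited associations (nopeer) or run ntpq/ntpdc queries
# (noquery).
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Local administration over loopback is unrestricted.
restrict 127.0.0.1
restrict -6 ::1

# LAN clients (assumed subnet) may get time from this host and query its
# status, but may not modify its configuration.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Upstream time sources: at least three, taken from the public pool.
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org

# Matching rule for /etc/sysconfig/iptables (same assumed subnet), so that
# only LAN hosts can reach the NTP service on this box:
#   -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 123 -j ACCEPT
```

After restarting ntpd, `ntpq -p` run on the server itself lists the upstream sources and shows whether one has been selected for synchronisation.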