On 2.9.2012 18:22, Artifex Maximus wrote:
> On Sun, Sep 2, 2012 at 2:33 PM, Markus Falb <markus.falb-fSWCc0FX9k8 at public.gmane.org> wrote:
>> On 2.9.2012 09:46, Artifex Maximus wrote:
>>> Hello!
>>>
>>> I would like to setup an NTP server for my Windows network using
>>> CentOS 6.3 with firewall turned on.

...

>>> The script for making firewall rules:
>>> iptables -P INPUT ACCEPT
>>> iptables -F
>>> iptables -A INPUT -i lo -j ACCEPT
>>> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
>>> iptables -A INPUT -i eth0 -s 10.0.0.0/24 -p udp --dport 123 -j ACCEPT
>>> iptables -A INPUT -i eth0 -s 10.0.0.0/24 -p tcp --dport 123 -j ACCEPT
>>> iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
>>> iptables -A INPUT -j DROP
>>> iptables -P FORWARD DROP
>>> iptables -P OUTPUT ACCEPT
>>
>> you must ACCEPT ntp in the FORWARD chain.
>> http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-6.html
>
> Thanks. Why?

...

> The packet destination is my server because NTP server is there so it
> passes to input box where 123 UDP is enabled. If I read the how-to
> correctly.

I thought you wanted to forward to another host.
I think I was confused because you mentioned the 2 NIC cards. Sorry.

--
Kind Regards, Markus Falb
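
The INPUT versus FORWARD distinction this exchange settles, as an added illustration that is not part of either poster's message: a toy model of the routing decision followed by first-match evaluation of the quoted INPUT rules. It does not call iptables; the server address 10.0.0.1 and the sample packets are constructed assumptions, and the LOG rate limit is ignored.

```shell
#!/bin/sh
# Toy model (not iptables): routing decision, then first-match evaluation of
# the INPUT rules quoted in the thread. Addresses below are constructed.
LOCAL_ADDRS="10.0.0.1 127.0.0.1"   # assumed addresses owned by the server

# in_lan SRC: succeeds when SRC falls inside 10.0.0.0/24
in_lan() { case "$1" in 10.0.0.*) return 0 ;; *) return 1 ;; esac; }

# chain_for DST: INPUT when DST is one of the server's own addresses,
# FORWARD when the packet would have to be routed on to another host
chain_for() {
  for cf_addr in $LOCAL_ADDRS; do
    if [ "$cf_addr" = "$1" ]; then echo INPUT; return 0; fi
  done
  echo FORWARD
}

# verdict IFACE SRC DST PROTO DPORT STATE: prints "<chain> <verdict>"
verdict() {
  v_if=$1 v_src=$2 v_dst=$3 v_proto=$4 v_dport=$5 v_state=$6
  if [ "$(chain_for "$v_dst")" = FORWARD ]; then
    echo "FORWARD DROP"; return 0          # -P FORWARD DROP, no FORWARD rules
  fi
  if [ "$v_if" = lo ]; then echo "INPUT ACCEPT"; return 0; fi       # -i lo
  case "$v_state" in                                               # --state
    ESTABLISHED|RELATED) echo "INPUT ACCEPT"; return 0 ;;
  esac
  if [ "$v_proto" = tcp ] && [ "$v_dport" = 22 ]; then             # ssh
    echo "INPUT ACCEPT"; return 0
  fi
  if [ "$v_if" = eth0 ] && in_lan "$v_src" && [ "$v_dport" = 123 ]; then
    case "$v_proto" in udp|tcp) echo "INPUT ACCEPT"; return 0 ;; esac
  fi
  echo "INPUT DROP"     # LOG does not terminate traversal; final -j DROP does
}

# Constructed sample packets
verdict eth0 10.0.0.50   10.0.0.1 udp 123 NEW   # LAN client asks the server
verdict eth0 192.168.1.9 10.0.0.1 udp 123 NEW   # source outside 10.0.0.0/24
verdict eth0 10.0.0.50   10.0.1.7 udp 123 NEW   # addressed to another host
```

Only the third packet reaches FORWARD, because its destination is not an address the server owns; NTP requests addressed to the server itself are decided entirely in INPUT.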