[CentOS] NTP server problem behind firewall

Mon Sep 3 08:41:31 UTC 2012
Markus Falb <markus.falb at fasel.at>

On 2.9.2012 18:22, Artifex Maximus wrote:
> On Sun, Sep 2, 2012 at 2:33 PM, Markus Falb <markus.falb-fSWCc0FX9k8 at public.gmane.org> wrote:
>> On 2.9.2012 09:46, Artifex Maximus wrote:
>>> Hello!
>>> I would like to setup an NTP server for my Windows network using
>>> CentOS 6.3 with firewall turned on.
>>> The script for making firewall rules:
>>> iptables -P INPUT ACCEPT
>>> iptables -F
>>> iptables -A INPUT -i lo -j ACCEPT
>>> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
>>> iptables -A INPUT -i eth0 -s -p udp --dport 123 -j ACCEPT
>>> iptables -A INPUT -i eth0 -s -p tcp --dport 123 -j ACCEPT
>>> iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables
>>> denied: " --log-level 7
>>> iptables -A INPUT -j DROP
>>> iptables -P FORWARD DROP
>>> iptables -P OUTPUT ACCEPT
>> you must ACCEPT ntp in the FORWARD chain.
>> http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-6.html
> Thanks. Why?
> The packet destination is my server because NTP server is there so it
> passes to input box where 123 UDP is enabled. If I read the how-to
> correctly.

I thought you wanted to forward to another host. I think I was confused
because you mentioned the 2 NIC cards. Sorry.
Kind Regards, Markus Falb

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 304 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20120903/dc8c5b30/attachment-0005.sig>