[CentOS] NTP server problem behind firewall

Mon Sep 3 12:32:08 UTC 2012
Giles Coochey <giles at coochey.net>

On 03/09/2012 13:00, Philippe Naudin wrote:
> Le lun. 03 sept. 2012 13:15:41 CEST, Leonard den Ottolander a écrit:
>> On Sun, 2012-09-02 at 07:46 +0000, Artifex Maximus wrote:
>>> Any idea what is wrong?
>> The iptables rules you specify only allow clients from your local
>> network access to your "proxy" ntp server. However, you do not specify
>> any rules for eth1 to allow that ntp server to synchronise with the
>> remote servers it is using. So unless you are using a local time source
>> that might be your problem.
> I don't think this is the problem : the firewall accept everything in
> the output chain, and established/related in input : my ntp server
> works fine with the same rules (123/tcp is indeed useless).
> For me, the problem is not ntp+iptables, or it should appears in
> /var/log/messages, thanks to the -j LOG.
> There can be something wrong in ntp.conf (but this is probably not the
> case since it works without firewall), in the firewall (for example, if
> it blocks DNS requests), or in the network configuration.
> Regards,

Does 'ntpq -p' show your server actually syncing with ntp hosts?


Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
giles at coochey.net