On 03/09/2012 13:00, Philippe Naudin wrote:
> On Mon, 03 Sep 2012 13:15:41 CEST, Leonard den Ottolander wrote:
>
>> On Sun, 2012-09-02 at 07:46 +0000, Artifex Maximus wrote:
>>> Any idea what is wrong?
>> The iptables rules you specify only allow clients from your local
>> network access to your "proxy" ntp server. However, you do not specify
>> any rules for eth1 to allow that ntp server to synchronise with the
>> remote servers it is using. So unless you are using a local time source
>> that might be your problem.
> I don't think this is the problem: the firewall accepts everything in
> the output chain, and established/related in input: my ntp server
> works fine with the same rules (123/tcp is indeed useless).
>
> For me, the problem is not ntp+iptables, or it should appear in
> /var/log/messages, thanks to the -j LOG.
> There can be something wrong in ntp.conf (but this is probably not the
> case since it works without firewall), in the firewall (for example, if
> it blocks DNS requests), or in the network configuration.
>
> Regards,
>
Does 'ntpq -p' show your server actually syncing with ntp hosts?

--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
giles at coochey.net
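
The `ntpq -p` check asked about above can be read mechanically. The following is an added example, not code from the thread: it classifies `ntpq -p` output by tally code and the octal `reach` register. The sample outputs, hostnames and addresses are constructed, and the function names `parse_peers` and `diagnose` are hypothetical.

```python
# Added example: classify `ntpq -p` output. Samples below are constructed;
# hostnames and addresses are placeholders, not values from the thread.
BLOCKED = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 time1.example   .INIT.          16 u    -   64    0    0.000    0.000   0.000
 time2.example   .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

SYNCED = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*time1.example   192.0.2.10       2 u   33   64  377   12.345    0.512   0.210
+time2.example   192.0.2.20       2 u   40   64  177   15.002   -0.301   0.455
"""

def parse_peers(text):
    """Return one dict per peer row of `ntpq -p` output."""
    peers = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("=") or line.split()[0] == "remote":
            continue  # blank line, separator or column header
        tally, fields = line[0], line[1:].split()  # column 0 is the tally code
        if len(fields) != 10:
            continue  # not a peer row (for example an ntpq error message)
        reach = int(fields[6], 8)  # reach is an octal 8-bit shift register
        peers.append({"tally": tally, "remote": fields[0], "refid": fields[1],
                      "stratum": int(fields[2]), "reach": reach,
                      "replies": bin(reach).count("1")})  # answers in last 8 polls
    return peers

def diagnose(text):
    peers = parse_peers(text)
    if not peers:
        return "no-peers"       # may indicate names never resolved (e.g. DNS blocked)
    if any(p["tally"] in "*o" for p in peers):
        return "synced"         # '*' = system peer, 'o' = PPS peer
    if all(p["reach"] == 0 for p in peers):
        return "unreachable"    # no reply ever arrived: check 123/udp return path
    return "reachable-not-selected"  # replies arrive; ntpd has not chosen a peer yet

if __name__ == "__main__":
    for name, sample in (("blocked", BLOCKED), ("synced", SYNCED)):
        print(name, "->", diagnose(sample))
```

A result of `unreachable` with a refid of `.INIT.` points at the network path or firewall, while `reachable-not-selected` shortly after a restart usually only means ntpd has not yet completed enough polls.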