[CentOS] NTP server problem behind firewall

Sun Sep 2 07:46:51 UTC 2012
Artifex Maximus <artifexor at gmail.com>


I would like to set up an NTP server for my Windows network using
CentOS 6.3 with the firewall turned on. As I learned, the NTP protocol
uses port 123 UDP. I have two NIC cards: one for the internal network
and one for internet access. Both cards are in a private address range.
The problem is that when I am using the firewall described below the
client cannot access the server. No idea why. Without the firewall
everything works flawlessly, so the problem is not in the NTP
configuration. No idea why, but with the firewall disabled the first
query gives an error but all other queries work. I am using arpwatch to
see what is happening on the network (new machines and so on). I don't
know whether that is related to the problem or not.

First I used the system-config-firewall generated firewall
(standard firewall with port 123:udp added). No success, client cannot

Next I made a script for myself and saved it with the 'service iptables
save' command. The configuration is:

The script for making firewall rules:
iptables -P INPUT ACCEPT
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# note: the source address/network that followed -s is missing from the post
iptables -A INPUT -i eth0 -s -p udp --dport 123 -j ACCEPT
iptables -A INPUT -i eth0 -s -p tcp --dport 123 -j ACCEPT
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
iptables -A INPUT -j DROP
iptables -P FORWARD DROP

Windows client time server is set to Just to be sure, I
enabled 123 TCP as well, even though I think that was unnecessary. The
rule related to NTP (123 UDP) increments its packet and byte count in
'iptables -L -n -v', so some connection was made. But no success on
sync.

Any idea what is wrong?
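As an added example (not from the poster), a small Python NTP client and reply decoder for checking what a server actually answers on UDP/123 from a machine on the internal network: if the rule counters increment but clients still do not sync, the reply itself tells you whether the server advertises itself as unsynchronised (leap indicator 3, stratum 0 or 16), which clients refuse to take time from. The host name passed to query() and the constructed replies in make_reply() are assumptions for the demonstration.

```python
import socket
import struct
import time
from typing import Optional

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01
NTP_FMT = "!BBbbIIIQQQQ"       # 48-byte NTP header (RFC 5905), network byte order

def build_client_request() -> bytes:
    # LI=0, VN=3, Mode=3 (client); only the transmit timestamp is filled in,
    # the server copies it back as the origin timestamp.
    lvm = (0 << 6) | (3 << 3) | 3
    tx_ts = (int(time.time()) + NTP_EPOCH_OFFSET) << 32
    return struct.pack(NTP_FMT, lvm, 0, 0, 0, 0, 0, 0, 0, 0, 0, tx_ts)

def parse_reply(data: bytes) -> dict:
    if len(data) < 48:
        raise ValueError("NTP reply shorter than 48 bytes")
    lvm, stratum, _poll, _prec, _rdelay, _rdisp, _refid, _ref, _orig, _recv, tx_ts = \
        struct.unpack(NTP_FMT, data[:48])
    li, vn, mode = lvm >> 6, (lvm >> 3) & 7, lvm & 7
    # A server whose own clock is not synchronised answers with LI=3 and/or
    # stratum 0 (kiss-o'-death) or 16; a client must not take time from it.
    usable = mode == 4 and li != 3 and 1 <= stratum <= 15
    return {
        "leap": li, "version": vn, "mode": mode, "stratum": stratum,
        "transmit_unix": (tx_ts >> 32) - NTP_EPOCH_OFFSET, "usable": usable,
    }

def make_reply(li: int, stratum: int, tx_unix: int) -> bytes:
    # Constructed server reply (Mode=4) for offline demonstration only.
    lvm = (li << 6) | (3 << 3) | 4
    tx_ts = (tx_unix + NTP_EPOCH_OFFSET) << 32
    return struct.pack(NTP_FMT, lvm, stratum, 6, -20, 0, 0, 0, 0, 0, 0, tx_ts)

def query(host: str, timeout: float = 2.0) -> Optional[dict]:
    # The client sends from an ephemeral port to server UDP/123 and the reply
    # comes back from 123 to that port, so the server only needs INPUT
    # --dport 123 open; the client side needs no inbound rule.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_client_request(), (host, 123))
        try:
            data, _peer = sock.recvfrom(1024)
        except socket.timeout:
            return None  # no answer: dropped by a firewall or nothing listening
    return parse_reply(data)

if __name__ == "__main__":
    print(parse_reply(make_reply(0, 2, 1346572011)))  # or: query("ntp-server-host")
```

A None result from query() means the request or reply was dropped (or nothing is listening), whereas a reply with usable False means the packets get through but the server is not offering valid time.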