Date:      Sun, 12 Dec 1999 03:07:04 -0500 (EST)
From:      gregc@pm-tech.com (Greg Cronau)
To:        sheber@mwci.net
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ntpdate and firewall rules (maybe)
Message-ID:  <m11x424-000816C@altair.pm-tech.com>
In-Reply-To: <944984297_PM_BeOS.sheber@mwci.net> from "Sean Heber" at Dec 12, 99 01:38:17 am

Sean Heber
>
>Hello.
>
>I had someone who knows firewall rules much better than I setup a system of
>mine for maximum security.  I just noticed that since I implemented those
>rules I can no longer use ntpdate.  It always seems to fail saying it cannot
>find a server.  After a bit of digging I'm pretty sure that the problem is
>simple--the packets can't get back to ntpdate.  So then I tried playing with
>my firewall rules.  Luckily the server is still sitting here and not in some
>far off hosting place as I managed to screw things up pretty bad.  :-)
>
>So, after a bunch of mucking around, I have decided I have no clue how to fix
> this NTP problem.   What rules do I need to add to my configuration to allow
> NTP to work?
>
>Here's what I'm using now:
>
> [List of rules deleted.]

Those aren't bad firewall rules, they could use some improvements, but
they'll do for now. For ntp you want to add the following rule just
before the last one:

$fwcmd add pass udp from any ntp to any ntp in recv ${oif}

Your firewall code should be able to resolve "ntp" using the contents
of /etc/services. If it doesn't, replace "ntp" in this rule with "123".

---
Greg Cronau
gregc@pm-tech.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
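The rule above, worked through as an added example (this script is not part of the thread and is not Greg's or FreeBSD's own code). It follows the rc.firewall conventions the reply relies on: `$fwcmd` is the ipfw command and `$oif` the outside interface; the defaults for both, and the interface name `xl0`, are assumptions. It resolves "ntp" from /etc/services with the numeric fallback Greg mentions, emits the pass rule ahead of the catch-all deny, and checks that ordering. It prints the ipfw commands rather than loading them, so it can be inspected on any machine.

```shell
#!/bin/sh
# Added example, not from the original thread. Builds the ipfw lines for
# letting NTP through, following the rc.firewall conventions the reply
# assumes ($fwcmd is the ipfw command, $oif the outside interface). Both
# defaults below are assumptions; the script prints the commands rather
# than loading them, so it runs safely anywhere.
fwcmd=${fwcmd:-/sbin/ipfw -q}
oif=${oif:-xl0}

# Look up a service's UDP port in /etc/services. If the name is absent
# (or the file is), fall back to the numeric port the reply gives for ntp.
svc_port() {
    name=$1 fallback=$2
    port=$(awk -v n="$name" '
        $1 == n && $2 ~ /\/udp$/ { split($2, a, "/"); print a[1]; exit }
    ' /etc/services 2>/dev/null || :)
    [ -n "$port" ] && echo "$port" || echo "$fallback"
}

# Print the tail of the rule set. ntpdate sends from UDP port 123 to
# port 123 by default, so the server's reply arrives on the outside
# interface as 123 -> 123; that is the packet the pass rule admits.
# The pass rule must sit above the catch-all deny, because ipfw stops
# at the first matching rule.
emit_rules() {
    ntp=$(svc_port ntp 123)
    cat <<EOF
$fwcmd add pass udp from any $ntp to any $ntp in recv $oif
$fwcmd add deny log all from any to any
EOF
}

# Sanity check: succeed only if the inbound NTP pass rule appears above
# the final deny. A pass rule placed after the deny is never reached.
ntp_before_deny() {
    emit_rules | awk '
        /add pass udp .* in recv/ { pass = NR }
        /add deny /               { deny = NR }
        END { exit (pass && deny && pass < deny) ? 0 : 1 }
    '
}

emit_rules
```

Two practical notes. The rule is deliberately port-to-port: it admits only datagrams from port 123 to port 123 on the outside interface, which is tighter than opening port 123 from anywhere to anywhere. That tightness is also its limit: if ntpdate is run with `-u`, it sends from an unprivileged source port, the reply no longer comes back to port 123, and this rule will not match it, so the rule and the ntpdate invocation have to agree.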
