Hi,
I recently saw a discussion about ntp so I am sorry if I am repeating
a question. I didn't pay attention then as I had other fish to fry.
I am using DS cd 1.02 and I want to set up an ntp server for private
use. I thought about putting it on the firewall but decided to put it
on the web server instead. Safer?? My problem is this. When I use
ntpdate from the webserver on a private dmz, everything works great.
With no holes opened (masqued). However when I use xntpd (which is
preferable) then it no longer works. My assumption was that it wasn't
getting its return replies. So I tried to implement it as a server by
opening udp 123 etc. However that isn't working either. The changes
I made to network.conf are....
DMZ_SERVER1="udp $EXTERN_IP ntp 192.168.2.1 ntp"
EXTERN_UDP_PORTS="0/0_domain 0/0_bootpc 0/0_ntp"
Am I forgetting something here?? Any help is appreciated.
Thanks, Robert
Feb 24 20:35:44 web ntpdate[675]: [ID 558275 daemon.notice] adjust time server 17.254.0.27 offset -0.022205 sec
Feb 24 20:35:46 web xntpd[677]: [ID 702911 daemon.notice] xntpd 3-5.93e Mon Sep 20 15:47:11 PDT 1999 (1)
Feb 24 20:35:46 web xntpd[677]: [ID 301315 daemon.notice] tickadj = 5, tick = 10000, tvu_maxslew = 495, est. hz = 100
Feb 24 20:35:46 web xntpd[677]: [ID 182907 daemon.info] precision = 56 usec
Feb 24 20:35:46 web xntpd[677]: [ID 798731 daemon.notice] using kernel phase-lock loop 0041
Feb 24 20:35:46 web last message repeated 1 time
Feb 24 20:35:46 web xntpd[677]: [ID 988144 daemon.debug] signal_no_reset: signal 18 had flags 20000
^^^^^^^^^^^^^^^
Dachstein LEAF Firewall
:: Packet Filter ::
Chain input (policy DENY: 1 packets, 48 bytes):
pkts bytes target prot opt tosa tosx ifname mark
outsize source destination ports
0 0 DENY udp ------ 0xFF 0x00 eth0
0.0.0.0/0 255.255.255.255 * -> *
0 0 DENY igmp ------ 0xFF 0x00 eth0
64.171.17.145 0.0.0.0/0 n/a
2 104 DENY udp ------ 0xFF 0x00 eth0
64.171.17.145 0.0.0.0/0 * -> *
0 0 DENY icmp ----l- 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 5 -> *
0 0 DENY icmp ----l- 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 13 -> *
0 0 DENY icmp ----l- 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 14 -> *
0 0 DENY all ----l- 0xFF 0x00 eth0
0.0.0.0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
255.255.255.255 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
127.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
224.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
10.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
172.16.0.0/12 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
192.168.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
0.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
128.0.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
191.255.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
192.0.0.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
223.255.255.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
240.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
192.168.1.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
64.171.17.149 0.0.0.0/0 n/a
0 0 REJECT all ----l- 0xFF 0x00 eth0
0.0.0.0/0 127.0.0.0/8 n/a
0 0 REJECT all ----l- 0xFF 0x00 eth0
0.0.0.0/0 192.168.1.0/24 n/a
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 135
0 0 REJECT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 135
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 138:139
0 0 REJECT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 138
0 0 REJECT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 137:138 -> *
0 0 REJECT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 135 -> *
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 137:139 -> *
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 135 -> *
0 0 ACCEPT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 64.171.17.149 * -> 80
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 113
0 0 ACCEPT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
0 0 REJECT udp ----l- 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 161:162
0 0 ACCEPT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 53
0 0 ACCEPT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 68
0 0 ACCEPT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 123
0 0 DENY udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 67
16 1974 ACCEPT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
0 0 ACCEPT icmp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> *
0 0 ACCEPT ospf ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 n/a
0 0 REJECT udp ----l- 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 * -> 161:162
0 0 REJECT udp ----l- 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 161:162 -> *
133 9161 ACCEPT all ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
Chain forward (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark
outsize source destination ports
0 0 DENY icmp ----l- 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 5 -> *
48 3560 MASQ all ------ 0xFF 0x00 eth2
192.168.1.0/24 192.168.2.0/24 n/a
12 912 MASQ all ------ 0xFF 0x00 eth0
192.168.2.0/24 0.0.0.0/0 n/a
0 0 MASQ tcp ------ 0xFF 0x00 eth1
192.168.2.0/24 192.168.1.0/24 80 -> *
0 0 MASQ udp ------ 0xFF 0x00 eth1
192.168.2.0/24 192.168.1.0/24 123 -> *
1 76 MASQ all ------ 0xFF 0x00 eth0
192.168.1.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth2
0.0.0.0/0 192.168.2.0/24 n/a
0 0 DENY all ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
Chain output (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark
outsize source destination ports
154 23198 fairq all ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
0.0.0.0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
255.255.255.255 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
127.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
224.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
10.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
172.16.0.0/12 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
192.168.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
0.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
128.0.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
191.255.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
192.0.0.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
223.255.255.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
240.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ------ 0xFF 0x00 eth0
192.168.1.0/24 0.0.0.0/0 n/a
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 135
0 0 REJECT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 135
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 138:139
0 0 REJECT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 138
0 0 REJECT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 137:138 -> *
0 0 REJECT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 135 -> *
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 137:139 -> *
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 135 -> *
154 23198 ACCEPT all ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
Chain fairq (1 references):
pkts bytes target prot opt tosa tosx ifname mark
outsize source destination ports
0 0 RETURN ospf ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 n/a
0 0 RETURN ospf ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 n/a
0 0 RETURN udp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 * -> 520
0 0 RETURN udp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 520 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 * -> 179
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 179 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 * -> 53
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 53 -> *
3 180 RETURN udp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 * -> 53
4 368 RETURN udp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 53 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2
0.0.0.0/0 0.0.0.0/0 * -> 23
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2
0.0.0.0/0 0.0.0.0/0 23 -> *
48 3560 RETURN tcp ------ 0xFF 0x00 * 0x2
0.0.0.0/0 0.0.0.0/0 * -> 22
58 3424 RETURN tcp ------ 0xFF 0x00 * 0x2
0.0.0.0/0 0.0.0.0/0 22 -> *
:: Port FW ::
prot localaddr rediraddr lport rport pcnt pref
UDP 64.171.17.149 192.168.2.1 123 123 10 10
TCP 64.171.17.149 192.168.2.1 80 80 10 10
:: MarkFW ::
fwmark rediraddr rport pcnt pref
:: AutoFW ::
Type Prot Low High Vis Hid Where Last CPto CPrt Timer Flags
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user