I am trying to configure my masquerading (NAT) firewall to allow the outside world to see one of my internal servers. (The firewall is a Linux system running fairly ancient "Linux Router Project" code).
I've set up what should be the correct rules to forward both port 123 UDP and port 123 TCP to the internal server:

    ipchains -A bad-if --dport 123 -p tcp -j ACCEPT
    ipchains -A bad-if --dport 123 -p udp -j ACCEPT
    ipmasqadm portfw -a -P tcp -L $PUBLIC_IP 123 -R $CESIUM 123
    ipmasqadm portfw -a -P udp -L $PUBLIC_IP 123 -R $CESIUM 123

From an external server, I can use "ntpq -p <mybox>" and I get the billboard in response. So I think the TCP forwarding works. But attempting to sync to the internal server yields reachability of 0, which leads me to think something is wrong with the UDP forwarding.

The ntp.conf files on both ends are very simple and don't contain any restrict or authentication statements.

Has anyone tried anything like this? Any ideas what might be wrong?

Thanks,
John
