On 04/16/2016 08:14 PM, [email protected] wrote:
> 
> 
> On Sat, Apr 16, 2016, at 04:42 PM, Tom Eastep wrote:
>>> Poking around a bit,
>>
>> What is the rule just before your NTP rule?
> 
> Okay, I understand what OPTIMIZE may have been doing - removing redundant 
> rules.  I'll get back to that in a bit.
> 
> Without it, I'm still working on getting NTP server sync working.
> 
> On my Firewall, I have early in my 'rules' what I thought to be an 
> as-open-as-possible port 123 setup
> 
>       NTP(ACCEPT):info:[NTP1] $FW any
>       NTP(ACCEPT):info:[NTP2] any $FW
>       ACCEPT:info:[NTP3]      $FW any tcp,udp - 123
>       ACCEPT:info:[NTP4]      any $FW tcp,udp 123
> 
> When I exec
> 
>       sudo ntpdate pool.ntp.org
> 
> it returns
> 
>       16 Apr 19:54:20 ntpdate[25006]: no server suitable for synchronization 
> found
> 
> and I get in my FW log
> 
>       Apr 16 19:54:18 mail01 kernel: [ 7295.785283] SW:[NTP1]:ACCEPT IN= 
> OUT=eth0 SRC=192.0.2.17 DST=64.62.190.177 LEN=76 TOS=0x00 PREC=0x00 TTL=64 
> ID=44018 DF PROTO=UDP SPT=123 DPT=123 LEN=56 
> 
> but if I use an unprivileged source port
> 
>       sudo ntpdate -u pool.ntp.org
> 
> it works,
> 
>       16 Apr 20:08:18 ntpdate[27027]: adjust time server 5.200.6.34 offset 
> 0.018766 sec
> 
> and I get in my FW log
> 
>       Apr 16 20:12:08 core kernel: [ 8365.374832] SW:[P4][NTP1]:ACCEPT IN= 
> OUT=eth0 SRC=192.0.2.17 DST=64.62.190.177 LEN=76 TOS=0x00 PREC=0x00 TTL=64 
> ID=29364 DF PROTO=UDP SPT=47780 DPT=123 LEN=56 
> 
> I don't see any DROPs or REJECTs.  That^ is it.
> 
> What else do I need to open here?

I frankly don't believe that your problem has anything to do with
Shorewall. If you 'shorewall clear' (be sure to 'shorewall start' after
testing), do you see different results?

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
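The diagnosis in the thread hinges on reading the Shorewall kernel log lines closely: both `ntpdate` attempts were ACCEPTed under tag `[NTP1]`, and the only difference between the failing and working run is the source port (123 versus an ephemeral port). The following Python parser is an added example, not code from the thread or from the Shorewall project; it assumes only the `SW:[tag]…:ACTION key=value …` log prefix format visible in the quoted lines, and uses those two lines (re-joined onto one line each) as constructed sample input. It extracts the rule tags, action, interfaces, addresses and ports, and flags flows that originate from a privileged source port, which is the detail a defender wants to confirm before blaming the firewall.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: the two Shorewall kernel log lines quoted in the
# thread, re-joined onto one line each (the mail client had wrapped them).
SAMPLE_LOG = (
    "Apr 16 19:54:18 mail01 kernel: [ 7295.785283] SW:[NTP1]:ACCEPT IN= OUT=eth0 "
    "SRC=192.0.2.17 DST=64.62.190.177 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=44018 DF "
    "PROTO=UDP SPT=123 DPT=123 LEN=56\n"
    "Apr 16 20:12:08 core kernel: [ 8365.374832] SW:[P4][NTP1]:ACCEPT IN= OUT=eth0 "
    "SRC=192.0.2.17 DST=64.62.190.177 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=29364 DF "
    "PROTO=UDP SPT=47780 DPT=123 LEN=56\n"
)

# Shorewall log prefix as seen in the thread: "SW:" + one or more "[tag]"
# groups + ":" + the action, followed by the netfilter key=value fields.
PREFIX_RE = re.compile(r"SW:((?:\[[^\]]+\])+):(\w+)\s+(.*)$")
TAG_RE = re.compile(r"\[([^\]]+)\]")


@dataclass
class NfLogEntry:
    tags: List[str]        # rule tags, outermost first, e.g. ["P4", "NTP1"]
    action: str            # ACCEPT / DROP / REJECT ...
    in_if: str             # empty for locally generated packets (IN=)
    out_if: str
    src: str
    dst: str
    proto: str
    spt: Optional[int]
    dpt: Optional[int]


def parse_line(line: str) -> Optional[NfLogEntry]:
    """Parse one Shorewall/netfilter log line; return None if it is not one."""
    m = PREFIX_RE.search(line)
    if m is None:
        return None
    fields: Dict[str, str] = {}
    for tok in m.group(3).split():
        # Flag-only tokens such as "DF" carry no "=" and are skipped.
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields.setdefault(key, value)   # keep the first LEN (IP header), not the UDP one

    def port(key: str) -> Optional[int]:
        v = fields.get(key)
        return int(v) if v is not None and v.isdigit() else None

    return NfLogEntry(
        tags=TAG_RE.findall(m.group(1)),
        action=m.group(2),
        in_if=fields.get("IN", ""),
        out_if=fields.get("OUT", ""),
        src=fields.get("SRC", ""),
        dst=fields.get("DST", ""),
        proto=fields.get("PROTO", ""),
        spt=port("SPT"),
        dpt=port("DPT"),
    )


def parse_log(text: str) -> List[NfLogEntry]:
    """Parse every recognisable log line in a block of text."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


def uses_privileged_source_port(entry: NfLogEntry) -> bool:
    """True when the source port is below 1024 (ntpdate's default is 123)."""
    return entry.spt is not None and entry.spt < 1024


def report(text: str) -> List[str]:
    """One summary line per entry, labelling privileged vs ephemeral source ports."""
    out = []
    for e in parse_log(text):
        flag = "privileged-sport" if uses_privileged_source_port(e) else "ephemeral-sport"
        out.append(f"{'/'.join(e.tags)} {e.action} {e.proto} "
                   f"{e.src}:{e.spt} -> {e.dst}:{e.dpt} [{flag}]")
    return out


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run against the sample, the report shows both packets ACCEPTed by the same rule tag with identical addresses, differing only in SPT=123 versus SPT=47780. Because both were accepted by Shorewall and no DROP or REJECT appears, the parser supports the reply's suggestion to look outside the firewall; the same function can be pointed at a full `/var/log/kern.log` to check that no rejecting entries are hiding among the accepts.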


_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
