On Thu, Sep 16, 2004 at 10:31:58 +0300, [EMAIL PROTECTED] wrote:
> John Clarke wrote:
> > 
> > Check your firewall rules.  You need to allow ntp (port 123 udp) in and
> > out.
> 
> I don't know Mandrake but I got the impression that it's standard
> practice to have a rule like:
> 
> # allow established connections, or related packets
> iptables --append block --match state --state ESTABLISHED,RELATED \
>    --jump ACCEPT
> 
> which will allow a replying NTP packet to pass through.  That's much
> more convenient (and secure, IMHO) than completely opening the NTP port.

I agree, but I was suggesting things that might be stopping ntp from
working, not a step-by-step method of fixing it :-)

If you want to be even more paranoid (and who doesn't?), you should
only allow ntp packets out to the designated time server(s).


Cheers,

John
-- 
One of the main causes of the fall of the Roman Empire was that,
lacking zero, they had no way to indicate successful termination
of their C programs.
                -- Robert Firth 
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
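
The two suggestions in this thread combined (replies admitted by the ESTABLISHED,RELATED rule, outbound NTP limited to designated time servers), as an added example that is not part of the original messages. It only prints the rules; the use of the built-in OUTPUT chain and the 192.0.2.x server addresses are assumptions (constructed values).

```shell
#!/bin/sh
# Added example: print (never apply) iptables rules that allow NTP out only
# to designated servers. The 192.0.2.x addresses are constructed values.

# Succeed only for a plain dotted-quad IPv4 address (no names, no leading zeros).
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: ntp_rules SERVER_IP...
# Validates every address first, so a bad argument yields no partial rule set.
ntp_rules() {
    [ "$#" -gt 0 ] || { echo "ntp_rules: no servers given" >&2; return 1; }
    for server in "$@"; do
        is_ipv4 "$server" || { echo "ntp_rules: not an IPv4 address: $server" >&2; return 1; }
    done
    # Replies are admitted by the state rule quoted in the thread.
    echo "iptables --append block --match state --state ESTABLISHED,RELATED --jump ACCEPT"
    # Assumption: outbound traffic is filtered in the built-in OUTPUT chain.
    for server in "$@"; do
        echo "iptables --append OUTPUT --protocol udp --destination $server --dport 123 --jump ACCEPT"
    done
    # Outbound NTP to any other host is dropped.
    echo "iptables --append OUTPUT --protocol udp --dport 123 --jump DROP"
}

ntp_rules 192.0.2.10 192.0.2.11
```

Hostnames are rejected on purpose: iptables resolves a name once, when the rule is loaded, so the rule would not follow later DNS changes.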
