Johan Marcusson wrote on 18-9-2007 12:17:
> I'm in a similar situation myself actually, and I agree.
> However, in my setup the ntpd is on the same machine that does NAT so I
> don't think these connections are actually NATed in my setup. But the state of
> the connections still seems to get registered with iptables (conntrack). Does
> anyone know how to disable this just for ntp packets?
Interesting setup. The problem seems more or less the same: stateful
filtering, using a fixed-size state table.
I'm not a Linux or iptables user, but the solution might be something
like this:
1. On the appropriate iptables rule look for "keep state" (or just
"keep"?). Removing that should make the rule stateless.
2. Add another stateless rule to allow outgoing ntp packets.
Jan
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
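
One way to keep a local ntpd's packets out of the conntrack table with iptables is the raw table, sketched here as an added example that is not part of the original thread. The function name `ntp_notrack_rules` and the address 192.0.2.10 are placeholders, and it assumes ntpd sends from UDP port 123 (its default); older iptables releases spell the target `-j NOTRACK` instead of `-j CT --notrack`.

```shell
#!/bin/sh
# Added example: emit an iptables-restore fragment that exempts the local
# ntpd's traffic from connection tracking. Review the output before loading
# it with `iptables-restore --noflush`.

# ntp_notrack_rules ADDR
#   ADDR: IPv4 address the local ntpd answers on (assumed; placeholder below).
ntp_notrack_rules() {
    addr=$1
    # Accept digits and dots only, so the argument cannot carry extra rule
    # text or a newline into the generated ruleset.
    case $addr in
        ''|*[!0-9.]*)
            echo "usage: ntp_notrack_rules IPV4_ADDR" >&2
            return 1 ;;
    esac
    cat <<EOF
*raw
# Packets addressed to the local ntpd. The -d match leaves NTP forwarded for
# LAN clients tracked, because untracked packets are skipped by NAT.
-A PREROUTING -d $addr -p udp --dport 123 -j CT --notrack
# Packets sent by the local ntpd (replies to clients, queries to upstream).
-A OUTPUT -s $addr -p udp --sport 123 -j CT --notrack
COMMIT
*filter
# Untracked packets never match ESTABLISHED, so allow both directions explicitly.
-I INPUT -d $addr -p udp --dport 123 -j ACCEPT
-I OUTPUT -s $addr -p udp --sport 123 -j ACCEPT
COMMIT
EOF
}

# Print the fragment when run as a script with an address argument.
if [ "$#" -gt 0 ]; then ntp_notrack_rules "$1"; fi
```

The table's entry count before and after can be compared via `/proc/sys/net/netfilter/nf_conntrack_count` on kernels that expose it.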