-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/25/15 05:47, Sam Varshavchik wrote: > As far as I can determine, the way that firewalld sets up masquerading completely breaks both ntpd and chrony. > > Both servers appears to start, but their corresponding client-side tools, ntpdc or chronyc, cannot talk to them. strace shows that UDP packets to 127.0.0.1 have their source IP address rewritten to the public interface, and the server's response is lost. > > This bug with firewalld's masquerading rules was reported back in October, as bug 1152472. > > If anyone managed to get either ntpd or chrony fully functional on a server that has firewalld's masquerading enabled, I'd love to know how you did that. It isn't 100% clear to me the configuration of which you speak. Are you talking about a 2 interface system with the Fedora firewalld system acting as a "router" with masquerading for a set of clients "behind" it? And where are the ntp clients in relation to the server? - -- If you can't laugh at yourself, others will gladly oblige. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlTEFvEACgkQ4JnKjVbCBvq8bgCeNArlhvB8tZv+DKg/n7mpZW2C 5QQAn1ptCi2kDPYjOVh6tZeop14f7OWB =wkCI -----END PGP SIGNATURE----- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
