From your email on Sep 8th:

chronyc sources

Which indicates Chrony is working, but is not getting a response from the time pool. You mentioned that the firewall team told you that port 123 is open, but this is not enough (in fact it may be unnecessary). Chrony uses an unprivileged port ( > 1024) to connect to port 123 on the NTP pool server. What needs to happen is the firewall needs to track this connection and allow a UDP packet back from the source port 123 to your server, to the unprivileged port chrony used to send the request out. This requires a stateful firewall or one that tracks the connection. In the case of Cisco routers they can use the ip inspect command, but it depends on the firewall they are using as to how they would accomplish this.
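The packet flow described in the message above, as an added example that is not part of the original email: a simplified Python model of a stateless "port 123 is open" rule next to a connection-tracking firewall. The class names, the IP addresses and the client port 49152 are constructed for illustration, and a real firewall would also expire tracked flows after a timeout.

```python
from dataclasses import dataclass

NTP_PORT = 123


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    outbound: bool  # True = leaving the protected network


class StatelessFirewall:
    """Judges each packet alone: 'port 123 is open' means dst_port == 123."""

    def allow(self, pkt):
        return pkt.dst_port == NTP_PORT


class StatefulFirewall:
    """Permits outbound NTP and remembers the flow so only its reply gets back in."""

    def __init__(self):
        self.flows = set()

    def allow(self, pkt):
        if pkt.outbound:
            if pkt.dst_port != NTP_PORT:
                return False
            # Record the reply we expect: addresses and ports swapped.
            self.flows.add((pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port))
            return True
        return (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port) in self.flows


def ntp_exchange(fw, client_port=49152):
    """Return (request_passed, reply_passed, unsolicited_passed) for one firewall."""
    # Constructed sample addresses (documentation ranges).
    client, server, stranger = "192.0.2.10", "198.51.100.5", "203.0.113.9"
    request = Packet(client, client_port, server, NTP_PORT, outbound=True)
    reply = Packet(server, NTP_PORT, client, client_port, outbound=False)
    unsolicited = Packet(stranger, NTP_PORT, client, client_port, outbound=False)
    return fw.allow(request), fw.allow(reply), fw.allow(unsolicited)


if __name__ == "__main__":
    print("stateless:", ntp_exchange(StatelessFirewall()))
    print("stateful: ", ntp_exchange(StatefulFirewall()))
```

With the stateless rule the request leaves but the reply is dropped, because its destination is the unprivileged client port rather than 123. The tracking firewall passes that reply and still drops a packet from source port 123 that no request asked for.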