On 03/09/2012 15:18, Artifex Maximus wrote:
On Mon, Sep 3, 2012 at 11:15 AM, Leonard den Ottolander
<leonard@xxxxxxxxxxxxxxxxx> wrote:
On Sun, 2012-09-02 at 07:46 +0000, Artifex Maximus wrote:
Any idea what is wrong?
The iptables rules you specify only allow clients from your local
network access to your "proxy" ntp server. However, you do not specify
any rules for eth1 to allow that ntp server to synchronise with the
remote servers it is using. So unless you are using a local time source
that might be your problem.
Btw, when specifying rules for the external ntp servers you might want
to specify IPs as well to restrict access.
Thanks. You are right ntp proxy is absolutely what I want. Mine
description was not clean probably. So this is the setup:
GPSNTP(10.0.1.99/24) - eth1 myserver eth0 - clients(10.0.0.0/24)
Because GPSNTP is on a physically separated network I need this proxy
for my clients. My server is able to synchronize with GPSNTP so rules
are fine for that (because my output chain is ACCEPT per default). My
clients whom are cannot synchronize with my server even if I allow NTP
port which I do not understand.
So at this stage, doing a "tcpdump -i eth0 -s 0 -w capture.cap" and
getting one of your clients to try to sync time with your server and
then repeating this with the firewall turned off (when it purportedly
works) ought to give you enough information to be able to view the
packet capture and see what is going wrong.
--
Regards,
Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
giles@xxxxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos