hello :)
we have a script which is doing the following... but the NTP client fails
/bin/iptables -A SystemOut -p udp --sport 1024:65535 --dport 123 -j ACCEPT
/bin/msntp -r -x $TIME_UPDATE -f /var/run/msntp.save -F $PIDFILE $TIMESERVER
If we change the script like this, it works pretty good.
/bin/iptables -A SystemOut -p udp --sport 1024:65535 --dport 123 -j ACCEPT
/bin/sleep 1
/bin/msntp -r -x $TIME_UPDATE -f /var/run/msntp.save -F $PIDFILE $TIMESERVER
As you can see the LOG is matched, but the same "accept" rule (recently added)
has not matched (counter 0).
any ideas ?
best regards
Robert & Markus
----- log ------
user.info msntp: [3215]: msntp started
daemon.warn klogd: IN= OUT=eth1 SRC=10.20.10.177 DST=195.13.1.153 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DFPROTO=UDP SPT=1028 DPT=123
LEN=56
daemon.warn klogd: seen IN= OUT=eth1 SRC=10.20.10.177 DST=195.13.1.153 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1028
DPT=123 LEN=56
user.err msntp: [3215]: unable to send NTP packet
user.err msntp: [3215]: Operation not permitted
user.notice init.d: ntp: started
------- end log -------
+bash-2.05# iptables -vnL SystemOut
Chain SystemOut (1 references)
pkts bytes target prot opt in out source destination
9 684 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 LOG flags 0 level 4 prefix `seen
'
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:123
------------------
Epygi Labs DE | Herrenstraße 23
Robert Allmeroth | 76133 Karlsruhe
Tel: +49 721 20596 43 | Fax: +49 721 20596 59
