Mailinglist Archive: opensuse (5100 mails)
| < Previous | Next > |
Re: [SLE] ntpdate and firewall
- From: John Andersen <jsa@xxxxxxxxxxxxxx>
- Date: Thu, 24 Jun 2004 23:39:14 -0800
- Message-id: <200406242339.19212.jsa@xxxxxxxxxxxxxx>
On Thursday 24 June 2004 23:02, Xaos Katawin wrote:
> X-Message-Flag: You need a life!
> Hi all,
>
> I have started the firewall in SuSE 9.0 through yast and pretty much
> use the defaults. But... I find that I can not use ntpdate to
> update my clock when the firewall is running. I excluded port 123
> from the firewall (I thought that this was the correct port). I
> tried running ntpdate with the -u option, but I didn't have any
> luck. How can I keep the firewall up and still use ntp?
>
> Second, I do ip-masquerading for a win xp box. Is there a simple
> way to use the time on my suse box to update the win box? I tried
> starting the ntp daemon but I don't have a full time connection to
> the net.
>
> Thanks
Your firewall should not block outgoing requests on 123, nor incomming
ones on your inside nic.
I think you want to look at /usr/share/doc/packages/xntp-doc/html/index.htm
ntpd is the daemon that syncs with several time servers, and automatically
selects one. You have to set what time server(s) it should use
in /etc/ntp.conf. Usually your ISP will supply one (and usually it is by
running its own copy of ntpd).
After finding suitable time servers, and entering them in /etc/ntp.conf
you start ntpd. If your clock is off by quite a bit, it will refuse to sync.
So get it close as you can manually.
You can watch it try to sync with ntpq (enter "peers" at the ntpq prompt.
It will supply time services to any machine that knows how to use ntp
protocol.
Re-enter the peers command periodically to see which one it selects.
There are windows clients for this,
http://home.att.net/~Tom.Horsley/ntptime.html
Google ntp client windows
Also, if you run samba, you can just run
net time /? in a command prompt to find how to set the
time to any other machine (such as your samba server)
--
_____________________________________
John Andersen
> X-Message-Flag: You need a life!
> Hi all,
>
> I have started the firewall in SuSE 9.0 through yast and pretty much
> use the defaults. But... I find that I can not use ntpdate to
> update my clock when the firewall is running. I excluded port 123
> from the firewall (I thought that this was the correct port). I
> tried running ntpdate with the -u option, but I didn't have any
> luck. How can I keep the firewall up and still use ntp?
>
> Second, I do ip-masquerading for a win xp box. Is there a simple
> way to use the time on my suse box to update the win box? I tried
> starting the ntp daemon but I don't have a full time connection to
> the net.
>
> Thanks
Your firewall should not block outgoing requests on 123, nor incomming
ones on your inside nic.
I think you want to look at /usr/share/doc/packages/xntp-doc/html/index.htm
ntpd is the daemon that syncs with several time servers, and automatically
selects one. You have to set what time server(s) it should use
in /etc/ntp.conf. Usually your ISP will supply one (and usually it is by
running its own copy of ntpd).
After finding suitable time servers, and entering them in /etc/ntp.conf
you start ntpd. If your clock is off by quite a bit, it will refuse to sync.
So get it close as you can manually.
You can watch it try to sync with ntpq (enter "peers" at the ntpq prompt.
It will supply time services to any machine that knows how to use ntp
protocol.
Re-enter the peers command periodically to see which one it selects.
There are windows clients for this,
http://home.att.net/~Tom.Horsley/ntptime.html
Google ntp client windows
Also, if you run samba, you can just run
net time /? in a command prompt to find how to set the
time to any other machine (such as your samba server)
--
_____________________________________
John Andersen
| < Previous | Next > |