* Klaus Vink Slott; <list-s@andelsweb.dk> on 03 Mar, 2003 wrote:

I tried to use yast to adjust the firewall by putting "123" or "ntp" into the Expert configuration option. Also tried FW_ALLOW_INCOMING_HIGHPORTS_UDP="ntp"

try with FW_SERVICES_EXT_UDP or better to limit the ip addresses use FW_TRUSTED_NETS there is an example on the unofficial SUSEfirewall2 document http://sf.net/projects/susefaq -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx

Try putting "iptables -A input_int -j ACCEPT --source [IP_TIMESERVER] -m state --state ESTABLISHED,RELATED -p udp --sport ntp --dport ntp" into the hook fw_custom_before_port_handling() of /etc/sysconfig/scripts/SuSEfirewall2-custom (without quotes and in one line). [IP_TIMESERVER] should be the IP of the timeserver you would like to connect with ntpdate. On Montag, 3. März 2003 21:37, Klaus Vink Slott wrote:

I have a 8.1 server standing outside my firewall, protected using YAST with SuSEfirewall. I can reach the server using http and ssh - no problem.

But I would like to get xntpd to update the time - Is it then nessesary to adjust the firewall configuration?

mejse:~ # ntpdate some.server.dk 3 Mar 21:27:38 ntpdate[2623]: no server suitable for synchronization found

-- Eat, sleep and go running, David Huecking. Encrypted eMail welcome! GnuPG/ PGP-Key: 0x57809216. Fingerprint: 3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216