SUSE 8.2 firewall vs. ntp
Hi,
I replaced the CMOS battery in the comp of my mom, but still decided to go for the weekly time calibration from an ntp server (via ntpdate timeserver and hwclock --systohc --utc).
After the first few tries I realized that by default the firewall of SUSE 8.2 doesn't allow UDP port nr. 123 of the timeserver to connect to the same on my mom's computer. I attempted to open up UDP port 123 to the internet via FW_SERVICES_QUICK_UDP, but that was not effective.
Would you please suggest me an easy way to achieve the wished results?!
Thank you,
Pelibali
On Friday 25 August 2006 13:32, pelibali wrote:
I replaced the CMOS battery in the comp of my mom, but still decided to go for the weekly time calibration from an ntp server (via ntpdate timeserver and hwclock --systohc --utc).
After the first few tries I realized that by default the firewall of SUSE 8.2 doesn't allow UDP port nr. 123 of the timeserver to connect to the same on my mom's computer. I attempted to open up UDP port 123 to the internet via FW_SERVICES_QUICK_UDP, but that was not effective.
Would you please suggest me an easy way to achieve the wished results?!
Hi Pelibali,
The procedure I've used that always 'just works':
* launch the runlevel editor, enable 'expert mode'
* drop the firewall *in reverse order* of how it is normally initialized (drop phase 3, then phase 2, then phase 1, I think, in 8.2)
* launch the ntp client setup module, enter your desired ntp server and test
* if the test succeeds, select 'OK' or 'Finish' to complete the setup
* restart the firewall in the standard order (1, 2 then 3)
* close the runlevel editor
This procedure allows the ntp client setup module to test the server before the firewall has been configured to allow that service. If it tests successfully and you enable the service, the setup module makes the required modification(s) to the firewall.
hth & regards,
Carl
Carl Hartung wrote:
On Friday 25 August 2006 13:32, pelibali wrote:
I replaced the CMOS battery in the comp of my mom, but still decided to go for the weekly time calibration from an ntp server (via ntpdate timeserver and hwclock --systohc --utc).
After the first few tries I realized that by default the firewall of SUSE 8.2 doesn't allow UDP port nr. 123 of the timeserver to connect to the same on my mom's computer. I attempted to open up UDP port 123 to the internet via FW_SERVICES_QUICK_UDP, but that was not effective.
Would you please suggest me an easy way to achieve the wished results?!
Hi Pelibali,
The procedure I've used that always 'just works':
* launch the runlevel editor, enable 'expert mode'
* drop the firewall *in reverse order* of how it is normally initialized (drop phase 3, then phase 2, then phase 1, I think, in 8.2)
* launch the ntp client setup module, enter your desired ntp server and test
hth & regards,
Carl
I don't think 8.2 had an NTP client module in Yast. I seem to remember having to set up NTP manually in /etc/ntp.conf. You do set it to run in runlevel editor. I can't advise you how to adjust the firewall afterward though.
Jim F
On Friday 25 August 2006 19:49, Jim Flanagan wrote:
I don't think 8.2 had an NTP client module in Yast. I seem to remember having to set up NTP manually in /etc/ntp.conf. You do set it to run in runlevel editor. I can't advise you how to adjust the firewall afterward though.
I gave away my 8.2 Pro boxed set and didn't think to save the documentation pdfs :-/
Google?
Carl
On Saturday 26 August 2006 06:36, Carl Hartung wrote:
On Friday 25 August 2006 19:49, Jim Flanagan wrote:
I don't think 8.2 had an NTP client module in Yast. I seem to remember having to set up NTP manually in /etc/ntp.conf. You do set it to run in runlevel editor. I can't advise you how to adjust the firewall afterward though.
I gave away my 8.2 Pro boxed set and didn't think to save the documentation pdfs :-/
A quick romp thru my 8.2 boxed set manuals reveals nothing about a yast module for ntp.
However, the package is SO WELL DOCUMENTED both in the distro (man ntpd and /usr/share/doc/packages/xntp/WHERE-TO-START) as well as on the web, and SO EASY to set up (two or three line change in /etc/ntp/ntp.conf) that one really has no reason to dread or put off running this software.
--
John Andersen
On Saturday 26 August 2006 15:36, John Andersen wrote:
On Saturday 26 August 2006 06:36, Carl Hartung wrote:
On Friday 25 August 2006 19:49, Jim Flanagan wrote:
I don't think 8.2 had an NTP client module in Yast. I seem to remember having to set up NTP manually in /etc/ntp.conf. You do set it to run in runlevel editor. I can't advise you how to adjust the firewall afterward though.
I gave away my 8.2 Pro boxed set and didn't think to save the documentation pdfs :-/
A quick romp thru my 8.2 boxed set manuals reveals nothing about a yast module for ntp.
However, the package is SO WELL DOCUMENTED both in the distro (man ntpd and /usr/share/doc/packages/xntp/WHERE-TO-START) as well as on the web, and SO EASY to set up (two or three line change in /etc/ntp/ntp.conf) that one really has no reason to dread or put off running this software.
I'm surprised the Admin Guide doesn't document the ntp client configuration, but you're correct... it's an easy enough problem for the OP to solve. It does kind of make one nostalgic to remember leafing through those heavy books. ;-)
Carl
On Saturday 26 August 2006 12:18, Carl Hartung wrote:
I'm surprised the Admin Guide doesn't document the ntp client configuration, but you're correct... it's an easy enough problem for the OP to solve. It does kind of make one nostalgic to remember leafing through those heavy books. ;-)
Yes, the books were useful, and still are occasionally. OTOH, it reminds one of what a crutch YAST has become. People hardly remember (nor want to remember) configuration of things by hand any more. I find the old habits hard to break and often discover the yast way long after I do it by hand. Chrisake, Yast even handles ez-ipupdate!!!
--
John Andersen
participants (4): Carl Hartung, Jim Flanagan, John Andersen, pelibali