* Konstantin (Kastus) Shchuka
On Tue, Jul 30, 2002 at 07:16:12PM -0500, wideglide@myrealbox.com wrote:
What do I need to do to adjust SuSEFirewall2 to allow ntp connections to correct my local clock?
I have xntpd running and have set locations to check the clock. But I am getting the following ??UNALLOWED?? entries in my firewall log:
this is ONE line: Jul 30 08:00:13 wahoo kernel: SuSE-FW-UNALLOWED-TARGET IN=eth0 OUT= MAC=00:**mac address:00 SRC=24.30.200.3 DST=192.168.0.2 LEN=188 TOS=0x00 PREC=0x00 TTL=246 ID=34023 DF PROTO=UDP SPT=53 DPT=1027 LEN=168
This does not look like ntp traffic. Judging by source port number it's DNS.
OK, here's another address: 130.207.244.240 navobs1.gatech.edu
Doesn't this mean that the firewall is not allowing access? & How do I change to allow updating my clock??
One possible solution is to put your NTP server(s) into FW_TRUSTED_NETS variable:
FW_TRUSTED_NETS="<ntp server IP>,udp,ntp"
Tried this, edited /etc/rc.config.d/firewall2.rc.config and restarted rcSuSEfirewall2, but then:

pat@wahoo:~> su1 rcxntpd restart
Shutting network time protocol daemon (NTPD) done
Try to set initial date and time via NTP failed
Starting network time protocol daemon (NTPD) done

Changed FW_TRUSTED_NETS="" restarted firewall2 and now the NTP shows "done"

Am I worrying about NOTHING ??
--
Patrick Shanahan
Registered Linux User #207535
@ http://counter.li.org
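
The port-based reading of the log entry in the thread above ("Judging by source port number it's DNS"), as an added example that is not part of the original messages: a small Python parser for netfilter LOG entries that names the UDP service from SPT/DPT. The function names are hypothetical and the NTP entry is constructed for illustration; the DNS entry is the one quoted in the thread.

```python
import re

# UDP ports discussed in the thread: 53 is DNS, 123 is NTP.
SERVICES = {53: "dns", 123: "ntp"}
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_fw_line(line):
    """Return the KEY=value fields of a netfilter LOG entry as a dict."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        # LEN appears twice (IP length, then UDP length); keep the first.
        fields.setdefault(key, value)
    return fields

def classify(fields):
    """Name the UDP service a logged packet belongs to, judged by its ports."""
    if fields.get("PROTO") != "UDP":
        return "not-udp"
    try:
        spt, dpt = int(fields["SPT"]), int(fields["DPT"])
    except (KeyError, ValueError):
        return "unknown"
    if spt == dpt and spt in SERVICES:
        return SERVICES[spt]             # daemon to daemon, e.g. ntpd 123 -> 123
    if spt in SERVICES and dpt >= 1024:
        return SERVICES[spt] + "-reply"  # server answering an ephemeral client port
    if dpt in SERVICES:
        return SERVICES[dpt] + "-request"
    return "other"

# Log entry quoted in the thread (MAC redacted as in the post).
DNS_LINE = ("Jul 30 08:00:13 wahoo kernel: SuSE-FW-UNALLOWED-TARGET IN=eth0 OUT= "
            "MAC=00:**mac address:00 SRC=24.30.200.3 DST=192.168.0.2 LEN=188 "
            "TOS=0x00 PREC=0x00 TTL=246 ID=34023 DF PROTO=UDP SPT=53 DPT=1027 LEN=168")
# Constructed entry: how a dropped NTP packet from the server named in the
# thread would be logged (timestamp and lengths are made up).
NTP_LINE = ("Jul 30 08:05:00 wahoo kernel: SuSE-FW-UNALLOWED-TARGET IN=eth0 OUT= "
            "SRC=130.207.244.240 DST=192.168.0.2 LEN=76 PROTO=UDP SPT=123 DPT=123 LEN=56")

if __name__ == "__main__":
    for line in (DNS_LINE, NTP_LINE):
        f = parse_fw_line(line)
        print(f["SRC"], f["SPT"], "->", f["DPT"], classify(f))
```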