On 07/30/02 19:16:12, wideglide@myrealbox.com wrote:
What do I need to do to adjust SuSEFirewall2 to allow ntp connections to correct my local clock?
I have xntpd running and have set locations to check the clock. But I am getting the following ??UNALLOWED?? entries in my firewall log:
I ran into this problem a few months ago. What I found was that xntpd was communicating with the NTP server using port 123 as both the source and destination port. To allow this through SuSEFirewall2 I put the following entry in the firewall2-custom.rc.config file located in /etc/rc.config.d.

    iptables -A input_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p udp --sport ntp --dport ntp

this is ONE line:

Jul 30 08:00:13 wahoo kernel: SuSE-FW-UNALLOWED-TARGETIN=eth0 OUT= MAC=00:**mac address:00 SRC=24.30.200.3 DST=192.168.0.2 LEN=188 TOS=0x00 PREC=0x00 TTL=246 ID=34023 DF PROTO=UDP SPT=53 DPT=1027 LEN=168

This log entry is a firewall denied packet related to a DNS query. Notice "SPT=53"? This means the packet was sent from the DNS service on the 24.30.200.3 box.

--rickey

Doesn't this mean that the firewall is not allowing access? & How do I change to allow updating my clock??
tks, -- Patrick Shanahan Registered Linux User #207535 @ http://counter.li.org
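
Added example, not part of the original thread: a small Python parser for the firewall log line quoted above that extracts protocol and ports and checks them against the port conditions of the iptables rule in the reply (UDP, source and destination port both ntp/123). The function names and the second sample line are assumptions made for illustration; the rule's state match cannot be read from a log line and is not modelled.

```python
import re

# KEY=value fields written by the netfilter LOG target. No word boundary before
# the key: in the posted line the prefix runs into the first field ("...-TARGETIN=eth0").
FIELD_RE = re.compile(r"(IN|OUT|MAC|SRC|DST|LEN|TOS|PREC|TTL|ID|PROTO|SPT|DPT)=(\S*)")
NTP_PORT = 123  # "ntp" in /etc/services

# The log line from the post, unchanged (MAC masked by the poster).
POSTED_LINE = (
    "Jul 30 08:00:13 wahoo kernel: SuSE-FW-UNALLOWED-TARGETIN=eth0 OUT= "
    "MAC=00:**mac address:00 SRC=24.30.200.3 DST=192.168.0.2 LEN=188 "
    "TOS=0x00 PREC=0x00 TTL=246 ID=34023 DF PROTO=UDP SPT=53 DPT=1027 LEN=168"
)

# Constructed sample (not from the post): a blocked packet with NTP on both ports.
CONSTRUCTED_NTP_LINE = (
    "Jul 30 08:05:00 wahoo kernel: SuSE-FW-UNALLOWED-TARGETIN=eth0 OUT= "
    "SRC=192.0.2.10 DST=192.168.0.2 LEN=76 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF "
    "PROTO=UDP SPT=123 DPT=123 LEN=56"
)

def parse_fields(line):
    """Return the first value of each field (LEN occurs twice: the IP length
    comes first, then the UDP length; the first one is kept)."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value)
    return fields

def matches_ntp_rule(fields):
    """True if protocol and ports satisfy '-p udp --sport ntp --dport ntp'.
    Connection state is not visible in a log line and is ignored here."""
    try:
        spt, dpt = int(fields["SPT"]), int(fields["DPT"])
    except (KeyError, ValueError):
        return False  # ICMP or truncated lines carry no usable ports
    return fields.get("PROTO") == "UDP" and spt == dpt == NTP_PORT

def describe(line):
    f = parse_fields(line)
    verdict = "matches" if matches_ntp_rule(f) else "does not match"
    return "%s:%s -> %s:%s %s, %s the NTP rule" % (
        f.get("SRC"), f.get("SPT"), f.get("DST"), f.get("DPT"), f.get("PROTO"), verdict)

if __name__ == "__main__":
    for sample in (POSTED_LINE, CONSTRUCTED_NTP_LINE):
        print(describe(sample))
```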