[lug] ntpdate fails on RH7.1 (KRUD 2001-08-01 with updates)
John Hernandez
John.Hernandez at noaa.gov
Thu Jan 10 12:46:56 MST 2002
Try 'ntpdate -u server'
Sean Reifschneider wrote:
> On Thu, Jan 10, 2002 at 12:36:36PM -0600, Michael J. Hammel wrote:
>
>>I didn't think it would be this problem since the box which is succeeding
>>is behind the firewall and the firewall is the one that is failing. So how
>>can I be blocking port 123 on the firewall (where ntpdate fails) but that
>>port gets through to another box behind the firewall? Isn't that counter
>>to what a firewall is supposed to be doing? Do I need to firewall all my
>>boxes to prevent incoming connections to them?
>>
>
> When a firewall box masquerades a connection, it typically re-writes the
> source port from whatever it is to a very high port up in the 60000 range.
> Your firewall could be blocking incoming <1024 traffic while allowing >=1024.
> So, when a masqueraded connection asks for the NTP data, it's getting it,
> but when the firewall asks for it the response is coming back
> to the source port of 123 and is being blocked.
>
> That's my guess.
>
> Sean
>
--
- John Hernandez - Network Engineer - 303-497-6392 -
| National Oceanic and Atmospheric Administration |
| Mailstop R/OM12. 325 Broadway, Boulder, CO 80305 |
----------------------------------------------------
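
The following model is an added example, not part of the original messages. It walks through Sean's guess and the `ntpdate -u` suggestion, assuming a stateless input rule that drops inbound UDP to local ports below 1024; the addresses, the high port numbers and the rule itself are constructed for illustration and are not the poster's actual firewall configuration.

```python
from dataclasses import dataclass

NTP_PORT = 123

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def reply_to(request):
    """A UDP server answers to the address and port the request came from."""
    return Packet(request.dst_ip, request.dst_port, request.src_ip, request.src_port)

def masquerade(request, fw_ip, high_port):
    """Rewrite an inside client's source address and port, as masquerading does."""
    return Packet(fw_ip, high_port, request.dst_ip, request.dst_port)

def input_filter_accepts(pkt, fw_ip):
    """Assumed stateless rule: drop inbound traffic to the firewall's ports < 1024."""
    return not (pkt.dst_ip == fw_ip and pkt.dst_port < 1024)

def ntp_reply_gets_in(request, fw_ip):
    """True if the server's reply to this request passes the input filter."""
    return input_filter_accepts(reply_to(request), fw_ip)

# Constructed sample addresses (documentation and private ranges).
FW, SERVER, INSIDE = "192.0.2.1", "198.51.100.10", "10.0.0.5"

def scenarios():
    return {
        # ntpdate run on the firewall itself: source port is 123 by default.
        "firewall, ntpdate": ntp_reply_gets_in(
            Packet(FW, NTP_PORT, SERVER, NTP_PORT), FW),
        # ntpdate on an inside box: masquerading rewrites the source to a high port.
        "inside box, masqueraded": ntp_reply_gets_in(
            masquerade(Packet(INSIDE, NTP_PORT, SERVER, NTP_PORT), FW, 61000), FW),
        # ntpdate -u on the firewall: the query leaves from an unprivileged port.
        "firewall, ntpdate -u": ntp_reply_gets_in(
            Packet(FW, 40000, SERVER, NTP_PORT), FW),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:26} reply {'accepted' if ok else 'dropped'}")
```

Under this assumed rule, only the reply addressed to port 123 on the firewall is dropped, which matches the symptom described in the thread.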