NTP Time Server on FC4
We have an FC4 server running squid and mail relay, basically a gateway, for our LAN, and I'm trying to set it up as an NTP server. It's behind a load balancer with a firewall, so I have the firewall off (i.e. the firewall is not the issue here, unless there's more firewall than I realize), and I have SELinux off as well.
I can get ntpd started fine, and in /var/log/messages I see this:
Aug 23 15:01:40 elmer ntpdate[5047]: step time server x.x.x.x offset -0.022521 sec
Aug 23 15:01:40 elmer ntpd[5051]: ntpd 4.2.0a@1.1190-r Thu Apr 14 07:45:36 EDT 2005 (1)
Aug 23 15:01:40 elmer ntpd[5051]: precision = 1.000 usec
Aug 23 15:01:40 elmer ntpd[5051]: Listening on interface wildcard, 0.0.0.0#123
Aug 23 15:01:40 elmer ntpd[5051]: Listening on interface wildcard, ::#123
Aug 23 15:01:40 elmer ntpd[5051]: Listening on interface lo, 127.0.0.1#123
Aug 23 15:01:40 elmer ntpd[5051]: Listening on interface eth0, 10.1.3.3#123
Aug 23 15:01:40 elmer ntpd[5051]: Listening on interface eth1, 192.168.1.115#123
Aug 23 15:01:40 elmer ntpd[5051]: kernel time sync status 0040
Aug 23 15:01:40 elmer ntpd[5051]: frequency initialized 0.000 PPM from /var/lib/ntp/drift
so it appears that it is listening on port 123. But when I run a portscan from another computer it doesn't appear that port 123 is open:
G5_iMac[jonbaker]:~$ nc -v -w 2 -z 192.168.1.115 100-200
elmer.wgm [192.168.1.115] 139 (netbios-ssn) open
elmer.wgm [192.168.1.115] 111 (sunrpc) open
The iptables rules are in a script that runs on startup; the actual section that executes is this:
# Clearing any existing rules and setting default policy
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -F INPUT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -F OUTPUT
/sbin/iptables -P FORWARD DROP
/sbin/iptables -F FORWARD
/sbin/iptables -t nat -F
# Squid rule
/sbin/iptables -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 -j REDIRECT --to-port 3128
# FWD: Allow all connections OUT and only existing and related ones IN
/sbin/iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# Enabling SNAT (MASQUERADE) functionality on $EXTIF
/sbin/iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
# Open port 123 for ntp services
/sbin/iptables -A INPUT -p udp --dport 123 -j ACCEPT
/sbin/iptables -A OUTPUT -p udp --sport 123 -j ACCEPT
But, when I try to sync time using ntpdate I get this message:
24 Aug 10:00:13 ntpdate[10834]: no server suitable for synchronization found
Any idea what might be breaking this? I can ssh into the server fine, and it has apache running and serving web pages fine as well. This seems to be the only thing that's not working.
Thanks -
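Added example, not part of the original post: NTP runs over UDP, so a TCP connect scan (nc -z without -u) cannot show port 123 as open, and ntpdate reports "no server suitable for synchronization found" both when no reply arrives and when the server replies but is still unsynchronized. The Python sketch below sends one NTP client request over UDP and decodes the leap and stratum fields of the reply to tell those cases apart; the function names and the two sample packets are constructed for illustration.

```python
import socket
import struct

NTP_PORT = 123  # NTP is UDP; a TCP scan of port 123 says nothing about ntpd

def build_request(version=4):
    """48-byte client request: LI=0, VN=version, Mode=3 (client)."""
    return bytes([(0 << 6) | (version << 3) | 3]) + bytes(47)

def parse_reply(data):
    """Decode the header fields a client checks when vetting a server."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    flags, stratum = struct.unpack("!BB", data[:2])
    return {"leap": flags >> 6, "version": (flags >> 3) & 7,
            "mode": flags & 7, "stratum": stratum}

def diagnose(reply):
    """Say whether an ntpdate-style client would accept this server."""
    if reply["mode"] != 4:
        return "not a server reply (mode %d)" % reply["mode"]
    if reply["leap"] == 3 or reply["stratum"] == 0 or reply["stratum"] >= 16:
        return "reachable but unsynchronized"
    return "synchronized, stratum %d" % reply["stratum"]

def query(host, timeout=2.0):
    """Send one UDP request; no answer means filtered, restricted or down."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_request(), (host, NTP_PORT))
            data, _ = s.recvfrom(512)
        except OSError:  # includes socket.timeout
            return "no reply over UDP/123"
    return diagnose(parse_reply(data))

# Constructed sample replies (not captured from the poster's server):
# a just-started ntpd (LI=3, stratum 0) and a synchronized stratum-3 server.
UNSYNCED = bytes([(3 << 6) | (4 << 3) | 4, 0]) + bytes(46)
SYNCED = bytes([(0 << 6) | (4 << 3) | 4, 3]) + bytes(46)

if __name__ == "__main__":
    print(diagnose(parse_reply(UNSYNCED)))
    print(diagnose(parse_reply(SYNCED)))
```

Calling query("192.168.1.115") from a LAN client runs the same check against the live server.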