Hi,

I'm having trouble getting chronyc to talk to chronyd locally once I enable
firewalld. I'm not sure if this qualifies as a chrony or firewall issue (or
operator error...) but I'm trying here first:

My chrony.conf is set up to allow commands from localhost only:

stratumweight 0
driftfile /var/lib/chrony/drift
makestep 10 3
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
keyfile /etc/chrony.keys
commandkey 1
generatecommandkey
noclientlog
logdir /var/log/chrony
server some.ntp.server
allow 192.168/16

When I enabled firewalld (in Fedora 20), configured like this:

drop (default, active)
  interfaces: em1
  sources:
  services: http ntp smtp ssh
  ports:
  masquerade: yes
  forward-ports:
  icmp-blocks:
  rich rules:

chronyc gives me this error on the sources command:

506 Cannot talk to daemon

for the locally running chronyd. This happens only when masquerading is
"yes"; when I disable masquerading, the sources command runs fine.

In what way should I set up things to get chronyc to be able to talk to
chronyd locally with masquerading "on" for my NIC (em1)? I don't understand
how/why the masquerading on em1 would interfere with the localhost UDP 323
traffic.
