I've had this problem on a regular ipchains firewall before too. I had to add an ipchains line in my time script to allow ntp and then afterwards a line to remove that rule.
______________________________________
Brent J. Baude | Information Architect for TCP/IP, Security, & Linux
3605 Hwy 52N Rochester, MN 55901
(507) 253-0708 T/L 8-553-0708
FAX (507) 253-5192

From: Andre Krajnik <[EMAIL PROTECTED]>
Sent by: cooker-firewall-owner@linux-mandrake.com
To: Mandrake-Firewall <[EMAIL PROTECTED]>
cc:
Subject: [Cooker-firewall] ntp ofer SNF
Date: 10/31/2001 12:08 PM
Please respond to cooker-firewall

Hi!

I have trouble using ntpdate to synchronize a Linux server behind the SNF. I use the following script:

    #!/bin/sh
    ntpdate -v ptbtime1.ptb.de ptbtime2.ptb.de rustime01.rus.uni-stuttgart.de

    [root@server1 andre]# /root/bin/ntp.sh
    19 Oct 17:35:53 ntpdate[2279]: ntpdate 3-5.93e Sat Apr 8 15:58:28 CEST 2000 (1)
    19 Oct 17:35:58 ntpdate[2279]: no server suitable for synchronization found
    [root@server1 andre]#
    [root@server1 andre]# netstat -nr
    Kernel IP Routentabelle
    Ziel            Router          Genmask         Flags   MSS Fenster irtt Iface
    zzz.yyy.xx.1    0.0.0.0         255.255.255.255 UH        0 0          0 eth0
    255.255.255.255 0.0.0.0         255.255.255.255 UH        0 0          0 eth0
    zzz.yyy.xx.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
    127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
    0.0.0.0         zzz.yyy.xx.254  0.0.0.0         UG        0 0          0 eth0
    [root@server1 andre]# ifconfig
    eth0      Linkverkapselung:Ethernet  HWaddr 00:04:AC:D6:30:2F
              inet addr:zzz.yyy.xx.1  Bcast:zzz.yyy.xx.255  Maske:255.255.255.0
              UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
              Empfangene Pakete:43864 Fehler:0 Weggeworfen:0 Überlauf:0 Rahmen:0
              Verschickte Packete:43475 Fehler:0 Weggeworfen:0 Überlauf:0 Rahmen:0
              Kollisionen:0 Sendewarteschlangenlänge:100
              Interrupt:10 Basisadresse:0x1000

    lo        Linkverkapselung:Locale Schleife
              inet addr:127.0.0.1  Maske:255.0.0.0
              UP LOOPBACK RUNNING  MTU:3924  Metric:1
              Empfangene Pakete:2439 Fehler:0 Weggeworfen:0 Überlauf:0 Rahmen:0
              Verschickte Packete:2439 Fehler:0 Weggeworfen:0 Überlauf:0 Rahmen:0
              Kollisionen:0 Sendewarteschlangenlänge:0

    [root@server1 andre]#

The router's IP is zzz.yyy.xx.254.
It's OK if server1 dials directly into the Internet via a modem and the default gateway is changed to zzz.yyy.xx.1.

--
Best regards,
Andre
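
The workaround described in the reply at the top of this thread (add an ipchains rule for NTP in the time script, then remove it afterwards), sketched as an added example; it is not code from either poster. It assumes the rules belong in the `input` and `output` chains of the machine running ntpdate, the function names and the `RUN`/`NTP_SERVERS` variables are hypothetical, and by default it only prints the commands.

```shell
#!/bin/sh
# Added example: open UDP/123 only while ntpdate runs, then close it again.
# Assumption: the filter is ipchains on this host ("input"/"output" chains).
# RUN=echo (default) prints the commands; run with RUN= (empty) as root to execute.
RUN=${RUN-echo}
NTP_SERVERS=${NTP_SERVERS-"ptbtime1.ptb.de ptbtime2.ptb.de"}   # hosts from the post

# Emit "<chain> <rule spec>" lines for one server: request out, reply in.
# ntpdate without -u sends from source port 123, so both ends are pinned to 123.
ntp_rules() {
    echo "output -p udp -s 0/0 123 -d $1 123 -j ACCEPT"
    echo "input -p udp -s $1 123 -d 0/0 123 -j ACCEPT"
}

# $1 = insert | delete. Delete uses the same spec, so it removes exactly
# the rules that insert added and nothing else.
apply_rules() {
    for srv in $NTP_SERVERS; do
        ntp_rules "$srv" | while read -r chain spec; do
            case $1 in
                insert) $RUN ipchains -I "$chain" 1 $spec ;;
                delete) $RUN ipchains -D "$chain" $spec ;;
            esac
        done
    done
}

sync_time() {
    # If the script is interrupted, still close the temporary opening.
    trap 'apply_rules delete; exit 1' INT TERM
    apply_rules insert
    status=0
    $RUN ntpdate -v $NTP_SERVERS || status=$?
    apply_rules delete          # runs whether or not ntpdate succeeded
    trap - INT TERM
    return $status
}

if [ "${1:-}" = "sync" ]; then sync_time; fi
```

The rules are removed on the failure path as well, so a "no server suitable for synchronization found" run does not leave UDP/123 open.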