On 19 Sep., 17:39, Steve Kostecke <[EMAIL PROTECTED]> wrote: > On 2007-09-19, rasmus <[EMAIL PROTECTED]> wrote: > > > On 18 Sep., 20:31, Jan Ceuleers <[EMAIL PROTECTED]> wrote: > > >> Do you have a rule like the following in your iptables setup: > > >> -A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT > > >> If so, can you try and bypass it for 123/udp traffic? > > > I have such a rule, now at the very head of my INPUT chain. > > That's your problem. This rule says to only accept packets that are > related to an established connection (i.e. a stateful firewall). > > The _first_ rule in your INPUT chain needs to explicitly allow all > traffic to 123/UDP. Something like this:
Sorry, I was unclear. The rule I referred to was one that allowed udp/ 123 traffic. So I have a rule exactly matching what you wrote at the head of my INPUT chain. I can see traffic reach my nptd and I can log packets with sport 123 in my OUTPUT filter. Regards, Rasmus _______________________________________________ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
