How stupid is it possible to get.  It helps when writing filter rules on
the fly to actually put in a jump instruction rather than letting the
checks fall thru to the default block at the bottom.  Duh.

Sorry for the noise.


On Tue, 2004-12-07 at 18:09, Visser, Martin wrote:
> Are you sure it is rejecting the source port? From reading the doc the
> default should be that it accepts from any port. Have you checked NTP
> version support - I imagine the FC3 ntpd is by default version 4 and
> hence your older clients may not support that. Try setting version 3 or
> 2 in the config.
> 
> If you really think that it is rejecting the non-123 packets then I
> guess you could possibly use NAT/masquerading on the server for those
> specific hosts.
> 
> Martin Visser, CISSP
> Network and Security Consultant 
> Consulting & Integration
> Technology Solutions Group - HP Services
> 
> 3 Richardson Place 
> North Ryde, Sydney NSW 2113, Australia 
> 
> Phone: +61-2-9022-1670    
> Mobile: +61-411-254-513
> Fax: +61-2-9022-1800     
> E-mail: martin.visserAThp.com
>  
> 
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED] 
> > [mailto:[EMAIL PROTECTED] On Behalf Of Howard Lowndes
> > Sent: Wednesday, 8 December 2004 9:36 AM
> > To: [EMAIL PROTECTED]
> > Cc: <Unknown>MailList-SLUG
> > Subject: Re: [SLUG] NTPD & FC3
> > 
> > On Mon, 2004-12-06 at 23:06, [EMAIL PROTECTED] wrote:
> > > On Tue, Dec 07, 2004 at 08:53:36AM +1100, Howard Lowndes wrote:
> > > > I have noticed with the implementation of ntpd in FC3 that it will
> > > > only respond to a local time check if both the SRC & DST ports are
> > > > 123.  If it gets a request from an unpriv SRC port then it won't
> > > > respond.
> > > > 
> > > > Does anyone know how to fix this as I have some hardware that uses
> > > > unpriv SRC ports.
> > > 
> > > My reading of the man page would suggest that putting 'non-ntpport'
> > > in the 'restrict' line of your /etc/ntp.conf should do the trick.
> > 
> > Ya, I found the comment in the doco rather than the man page, but the
> > small problem is that it appears not to work.  If I mod the line to
> > read:
> > 
> > restrict 192.168.252.0 mask 255.255.252.0 nomodify notrap non-ntpport
> > 
> > then it still won't respond to unpriv source ports.
> > 
> > Even including it in the restrict default line doesn't make any
> > difference.
> > 
> > Real Bad Bummer.
> > 
> > > 
> > > Matt
> > --
> > Howard.
> > LANNet Computing Associates;
> > Your Linux people <http://www.lannetlinux.com>
> > ------------------------------------------
> > "When you just want a system that works, you choose Linux; 
> > when you want a system that just works, you choose Microsoft."
> > ------------------------------------------
> > "Flatter government, not fatter government;
> > Get rid of the Australian states."
> > 
> > 
> > -- 
> > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
> > 
-- 
Howard.
LANNet Computing Associates;
Your Linux people <http://www.lannetlinux.com>
------------------------------------------
"When you just want a system that works, you choose Linux;
when you want a system that just works, you choose Microsoft."
------------------------------------------
"Flatter government, not fatter government;
Get rid of the Australian states."


-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
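
The mistake described at the top of this message (a filter rule written without a jump, so matching packets fall through to the default block) can be caught mechanically. The following is an added example, not part of the original thread: it assumes the filter is iptables and scans iptables-save style text for rules that have no target. The chain name ntp-in and the whole sample ruleset are constructed for illustration; only the subnet is taken from the restrict line quoted above.

```python
import shlex

# Constructed sample in iptables-save format (not taken from the thread).
# The first ntp-in rule matches NTP traffic from the client subnet but
# has no -j target, so it only counts packets and they reach the DROP.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:ntp-in - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ntp-in
-A ntp-in -s 192.168.252.0/255.255.252.0 -p udp -m udp --dport 123
-A ntp-in -j LOG --log-prefix "ntp-in drop: "
-A ntp-in -j DROP
COMMIT
"""

TARGET_FLAGS = ("-j", "--jump", "-g", "--goto")


def rules_without_target(ruleset):
    """Return (table, chain, rule_text) for every rule with no -j/-g target.

    iptables accepts such a rule, but it only updates counters: a matching
    packet carries on to the next rule and eventually to the catch-all
    rule or the chain policy.
    """
    findings = []
    table = None
    for raw in ruleset.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            table = line[1:]              # e.g. "*filter" opens the filter table
        elif line.startswith(("-A ", "-I ")):
            tokens = shlex.split(line)    # keeps a quoted --log-prefix as one token
            if not any(t in TARGET_FLAGS for t in tokens):
                findings.append((table, tokens[1], line))
    return findings


if __name__ == "__main__":
    for table, chain, rule in rules_without_target(SAMPLE):
        print(f"{table}/{chain}: no target, packets fall through: {rule}")
```

Running it over the output of iptables-save after editing rules by hand lists any rule that was entered without its jump.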
