
BLU Discuss list archive



ntpdate: Operation not permitted



I have a Red Hat 6.1 box that is my "speaker-to-cablemodem" (Thank you
Niven) (firewall/web server/ftp/mail server/younameit server).

I'm trying to use ntpdate on it, but I'm getting an error message.

[root at kramer ntp-4.0.99f]# /usr/local/bin/ntpdate -v time-b.nist.gov
25 Apr 01:21:05 ntpdate[8760]: ntpdate 4.0.99f Mon Apr 24 21:37:57 EDT 2000 (1)
25 Apr 01:21:05 ntpdate[8760]: sendto(129.6.15.29): Operation not permitted
25 Apr 01:21:06 ntpdate[8760]: sendto(129.6.15.29): Operation not permitted
25 Apr 01:21:07 ntpdate[8760]: sendto(129.6.15.29): Operation not permitted
25 Apr 01:21:08 ntpdate[8760]: sendto(129.6.15.29): Operation not permitted
25 Apr 01:21:09 ntpdate[8760]: no server suitable for synchronization found

When I try it from a Suse box that is actually behind this firewall, it
works great.  So is the operation that is not permitted (1) connecting
to that server on that port or (2) setting the time based on the data
gotten?

Now here's my firewall situation.  I've added 
NTP_TIME_SERVER="any/0"     # if used
...
    ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
             -s $IPADDR $UNPRIVPORTS \
             -d $NTP_TIME_SERVER 123 -j ACCEPT

    ipchains -A input  -i $EXTERNAL_INTERFACE -p udp \
             -s $NTP_TIME_SERVER 123 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
             -s $IPADDR $UNPRIVPORTS \
             -d $NTP_TIME_SERVER 123 -j ACCEPT

    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp \
             -s $NTP_TIME_SERVER 123 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT


[root at kramer ntp-4.0.99f]# ipchains -L  | grep ntp
ACCEPT     tcp  !y----  anywhere             kramer.ne.mediaone.net  nntp ->   1024:65535
ACCEPT     udp  ------  anywhere             kramer.ne.mediaone.net  ntp ->   1024:65535
ACCEPT     tcp  ------  anywhere             kramer.ne.mediaone.net  ntp ->   1024:65535
ACCEPT     tcp  ------  kramer.ne.mediaone.net anywhere             1024:65535 ->   nntp
ACCEPT     udp  ------  kramer.ne.mediaone.net anywhere             1024:65535 ->   ntp
ACCEPT     tcp  ------  kramer.ne.mediaone.net anywhere             1024:65535 ->   ntp


Any sage advice?
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
