ntpdate: Operation not permitted
David Kramer
david at kramer.ne.mediaone.net
Tue Apr 25 01:21:48 EDT 2000
I have a Red Hat 6.1 box that is my "speaker-to-cablemodem" (Thank you
Niven) (firewall/web server/ftp/mail server/younameit server).
I'm trying to use ntpdate on it, but I'm getting an error message.
[root@kramer ntp-4.0.99f]# /usr/local/bin/ntpdate -v time-b.nist.gov
25 Apr 01:21:05 ntpdate[8760]: ntpdate 4.0.99f Mon Apr 24 21:37:57 EDT 2000 (1)
25 Apr 01:21:05 ntpdate[8760]: sendto(129.6.15.29): Operation not permitted
25 Apr 01:21:06 ntpdate[8760]: sendto(129.6.15.29): Operation not permitted
25 Apr 01:21:07 ntpdate[8760]: sendto(129.6.15.29): Operation not permitted
25 Apr 01:21:08 ntpdate[8760]: sendto(129.6.15.29): Operation not permitted
25 Apr 01:21:09 ntpdate[8760]: no server suitable for synchronization found
When I try it from a Suse box that is actually behind this firewall, it
works great. So is the operation that is not permitted (1) connecting
to that server on that port or (2) setting the time based on the data
gotten?
Now here's my firewall situation. I've added
NTP_TIME_SERVER="any/0" # if used
...
ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
         -s $IPADDR $UNPRIVPORTS \
         -d $NTP_TIME_SERVER 123 -j ACCEPT
ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
         -s $NTP_TIME_SERVER 123 \
         -d $IPADDR $UNPRIVPORTS -j ACCEPT
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
         -s $IPADDR $UNPRIVPORTS \
         -d $NTP_TIME_SERVER 123 -j ACCEPT
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \
         -s $NTP_TIME_SERVER 123 \
         -d $IPADDR $UNPRIVPORTS -j ACCEPT
[root@kramer ntp-4.0.99f]# ipchains -L | grep ntp
ACCEPT tcp !y---- anywhere kramer.ne.mediaone.net nntp -> 1024:65535
ACCEPT udp ------ anywhere kramer.ne.mediaone.net ntp -> 1024:65535
ACCEPT tcp ------ anywhere kramer.ne.mediaone.net ntp -> 1024:65535
ACCEPT tcp ------ kramer.ne.mediaone.net anywhere 1024:65535 -> nntp
ACCEPT udp ------ kramer.ne.mediaone.net anywhere 1024:65535 -> ntp
ACCEPT tcp ------ kramer.ne.mediaone.net anywhere 1024:65535 -> ntp
Any sage advice?
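
Added example, not part of the original post: the log shows the error coming from sendto(), so a first-match model of the NTP ACCEPT rules in the listing above is checked here against ntpdate's default source port 123 and against the unprivileged source port that ntpdate -u uses. The DENY default policy and the port 32768 are assumptions, since the post shows neither.

```python
# Added example: a minimal first-match model of the NTP ACCEPT rules in the
# `ipchains -L` listing above. Not the poster's firewall script.
from collections import namedtuple

Rule = namedtuple("Rule", "chain proto sport dport")
UNPRIV = range(1024, 65536)   # $UNPRIVPORTS as listed: 1024:65535
NTP = range(123, 124)         # service "ntp"

# Transcribed from the listing; the nntp lines only matched `grep ntp`.
RULES = [
    Rule("output", "udp", UNPRIV, NTP),
    Rule("input",  "udp", NTP, UNPRIV),
    Rule("output", "tcp", UNPRIV, NTP),
    Rule("input",  "tcp", NTP, UNPRIV),
]

# Assumption: the chain policy is not shown in the post. A deny-by-default
# policy is what makes a locally generated, unmatched packet fail in sendto().
DEFAULT_POLICY = "DENY"

def verdict(chain, proto, sport, dport, rules=RULES):
    """Return ACCEPT if any rule matches the packet, else the assumed policy."""
    for r in rules:
        if ((r.chain, r.proto) == (chain, proto)
                and sport in r.sport and dport in r.dport):
            return "ACCEPT"
    return DEFAULT_POLICY

def explain():
    """Evaluate the packets each ntpdate mode would send and receive."""
    return {
        # Default mode: ntpdate sends from privileged source port 123.
        "ntpdate out (sport 123)": verdict("output", "udp", 123, 123),
        "ntpdate reply (dport 123)": verdict("input", "udp", 123, 123),
        # -u mode: unprivileged source port (32768 is a constructed value).
        "ntpdate -u out (sport 32768)": verdict("output", "udp", 32768, 123),
        "ntpdate -u reply (dport 32768)": verdict("input", "udp", 123, 32768),
    }

if __name__ == "__main__":
    for name, result in explain().items():
        print(f"{name:32} {result}")
```

Under these assumptions only the -u packets match an ACCEPT rule; accepting the default mode would need output and input rules with port 123 on both ends.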