From: Reckhard, Tobias (tobias.reckhardsecunet.com)
Date: Fri May 17 2002 - 04:07:42 CDT

    Note that this is an English-speaking list.

    > I would like to update the time on my server with xntp
    > through the firewall.

    It's usually also a good idea to have firewalls synchronised to global time
    as well.

    > When I switch off the firewall (all chains flushed),
    > ntpdate runs quite normally. With the firewall switched on,
    > ntpdate reports Segmentation Errors and aborts.

    That seems strange to me, ntpdate should fail, saying that it can't find
    any suitable servers for synchronisation. It should not segfault.

    > My firewall rules are:
    > /sbin/iptables -A OUTPUT -o eth1 -m tcp -p tcp -s $SELF --dport 37 -j ACCEPT # ntp
    > /sbin/iptables -A INPUT -i eth1 -m tcp -p tcp -d $SELF --sport 37 -j ACCEPT # ntp
    > Can anyone tell me where my mistake is and whether I might
    > need another port besides port 37?

    You definitely need further rules for NTP. NTP servers listen only on UDP
    port 123 (no TCP is used, further clarifying what Roman already said).
    (x)ntpd uses UDP 123 as its source port as well, while ntpdate allocates a
    high port (i.e. one above 1023) as its query source port.

    Tobias
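
The port usage described in the reply above, written out as iptables rules (an added example, not part of the original message): queries go to UDP 123 and replies come back from UDP 123, with the local port depending on whether ntpd or ntpdate is the client. SELF, IFACE and NTP_SERVER are assumed placeholder values, and pinning the rules to a single time server is an addition beyond what the reply states.

```shell
#!/bin/sh
# Added example: NTP rules for the ports named in the reply.
# SELF, IFACE and NTP_SERVER are assumed values (192.0.2.0/24 is a
# documentation range); replace them with the real addresses.
SELF="${SELF:-192.0.2.1}"
IFACE="${IFACE:-eth1}"
NTP_SERVER="${NTP_SERVER:-192.0.2.10}"
IPTABLES="${IPTABLES:-/sbin/iptables}"

# Print each rule by default; execute it only when APPLY=1 (needs root).
rule() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$IPTABLES" "$@"
    else
        echo "$IPTABLES $*"
    fi
}

# ntp_rules <client>: "ntpd" uses UDP 123 as its source port,
# "ntpdate" uses a high source port (above 1023).
ntp_rules() {
    case "$1" in
        ntpd)    cport="123" ;;
        ntpdate) cport="1024:65535" ;;
        *) echo "usage: ntp_rules ntpd|ntpdate" >&2; return 2 ;;
    esac
    # Query: local client port -> UDP 123 on the time server.
    rule -A OUTPUT -o "$IFACE" -p udp -s "$SELF" --sport "$cport" \
         -d "$NTP_SERVER" --dport 123 -j ACCEPT
    # Reply: UDP 123 on the time server -> local client port.
    # Restricting the source address keeps this stateless rule from
    # admitting any host that merely sends from source port 123.
    rule -A INPUT -i "$IFACE" -p udp -s "$NTP_SERVER" --sport 123 \
         -d "$SELF" --dport "$cport" -j ACCEPT
}
```

Run `ntp_rules ntpdate` or `ntp_rules ntpd` to review the generated rules, then repeat with `APPLY=1` as root to load them.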
