ADD: Network Time + iptables rule

[tel0p]

http://www.elviswoo.com/?p=15

and a hole in iptables for UDP 123.

A few people have had issue with their endpoints not getting the time (from local). This is why.
Cheers!

 

[merlyn]

Did this get put on the list "to do" ?

I know I am still disabling iptables in order to get the time/date to my cisco phones.

thanks ...
merlyn

 

[jroper]

Hi

Just open port UDP123 via webmin - networking - Linux Firewall, and it should just work for you.

The easiest way is to pick on of the existing UDP rules, e.g. 4569, and clone it, then change the port to 123

Joe

 

[wardmundy]

Here's a script to do it for you

#!/bin/bash

sed -i '
/\-A INPUT \-p tcp \-m tcp \-\-dport 5038 \-j ACCEPT/ {
a\
\# Allow connections to NTP time server\
\-A INPUT \-p udp \-m udp \-\-dport 123 \-j ACCEPT
}' /etc/sysconfig/iptables

service iptables stop
service iptables start

 

[merlyn]

Thanks Ward !!

That makes it super easy. I can definetly use this when i do a fresh install in the next few weeks of my home setup.

(thanks Joe BTW forgot to reply to your webmin way of doing it)