
Re: [cobalt-users] RE: NTP Servers Again



At 02:26 PM 7/6/2002, you wrote:
DL> Date: Sat, 06 Jul 2002 13:59:52 -0500
DL> From: David Lucas


DL> >Now it looks like you're bumping into firewall rules.  Before,
DL> >you couldn't bind() the low port number.  Now, ipfwadm/ipchains
DL> >(what model RaQ?) is preventing the packets from flowing.
DL> >
DL> >NTP runs on port 123, and "time" on 37.  I know NTP uses UDP;
DL> >beyond that, I'd need to STFW/RTFM in a hurry on where TCP/UDP
DL> >can or must be used.
DL>
DL>
DL> Excuse me, but could you say that again in plain English for
DL> us uneducated.

Not sure what part was unclear, so I'll try rephrasing the whole
thing...

The original error about "bind() fails" was because ntp was being
run as non-root.  To use a port below 1024, a process must be run
as root.  The NTP protocol runs on 123/UDP.  (I don't know if it
ever uses 123/TCP; I need to search to find the answer.)  I
believe that the new "operation not permitted" is caused by the
firewall rules on the local machine.

However, the part about "can't connect:37" in the original post
led me to believe that something might be trying to use the
"time" protocol, which is different from NTP.  I don't know if
"time" uses UDP, TCP, or both; again, I must search.

Chae, what model is your RaQ?  Can you check or post your
firewall rules?  It appears that port 123 is being blocked.


I'm doing the same things as Chae and I run a RaQ4r.
[root /]# /usr/sbin/ntpdate 64.81.117.120
 6 Jul 18:00:34 ntpdate[13051]: no server suitable for synchronization found

I know it works.  I can sync other machines from it.

What files do I look at for the firewall? I don't see the ports you mentioned in portsentry.conf.
I have
# Use these if you just want to be aware:
TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,31337,32771,32772,32773,32774,40421,49724,54320"
UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,32770,32771,32772,32773,32774,31337,54321"

What exactly would I check in ipchains?
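
Added example, not part of the original thread or any poster's message: a first-match evaluator for a listing in the layout that `ipchains -L input -n` prints, showing how an earlier DENY on low UDP ports can shadow a later ACCEPT for 123/UDP. The rule listing, the local address 10.0.0.5 and the function names are constructed for illustration; only tcp/udp rules with a ports column are handled.

```python
import ipaddress

# Constructed listing in the layout printed by `ipchains -L input -n`;
# it is NOT the poster's real rule set.
SAMPLE = """\
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     tcp  ------  0.0.0.0/0             0.0.0.0/0             * ->   22
ACCEPT     udp  ------  0.0.0.0/0             0.0.0.0/0             53 ->   *
DENY       udp  ------  0.0.0.0/0             0.0.0.0/0             * ->   0:1023
ACCEPT     udp  ------  64.81.117.120         0.0.0.0/0             123 ->   123
"""

def port_ok(spec, port):
    # '*' is any port, 'N' a single port, 'LO:HI' an inclusive range.
    if spec == "*":
        return True
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)

def addr_ok(spec, addr):
    # A bare address is treated as a /32; 0.0.0.0/0 matches everything.
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def verdict(listing, proto, src, sport, dst, dport):
    """First matching rule wins; if none matches, the chain policy applies."""
    lines = listing.splitlines()
    policy = lines[0].split("policy ")[1].rstrip("):")
    for line in lines[2:]:
        f = line.split()
        if len(f) != 8 or f[6] != "->":
            continue  # not a tcp/udp rule with a ports column
        target, rproto, _, rsrc, rdst, rsport, _, rdport = f
        if (rproto == proto and addr_ok(rsrc, src) and addr_ok(rdst, dst)
                and port_ok(rsport, sport) and port_ok(rdport, dport)):
            return target, line
    return policy, "(chain policy)"

if __name__ == "__main__":
    # Reply from the NTP server (UDP source port 123) to local UDP port 123.
    print(verdict(SAMPLE, "udp", "64.81.117.120", 123, "10.0.0.5", 123))
```

The DENY row matches before the ACCEPT for 123/UDP is ever reached, so rule order matters as much as whether a rule for port 123 exists.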