l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
December 2: Social gathering
Next Installfest:
TBD
Latest News:
Nov. 18: Club officer elections
Page last updated:
2002 Apr 24 23:12

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] I'm also having ntp problems :-(
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] I'm also having ntp problems :-(



The following seems to be happening...

connections to a udp server on nat work fine both ways.

connections to a udp server on bob only work for sending data to bob.

in tcpdump, I see nat telling bob that the udp port is unreachable, yet bob 
has no firewall.

Very odd.....

On Wednesday 24 April 2002 10:51 pm, msimons@moria.simons-clan.com wrote:
> On Wed, Apr 24, 2002 at 10:26:13PM -0700, Ryan wrote:
> > On Wednesday 24 April 2002 10:04 pm, msimons@moria.simons-clan.com wrote:
> > >   Something is preventing port 123 UDP packets from going between
> > > bob and nat, you can see packets be transmitted and no reply.  It
> > > could also be that your ntpd is configured to not accept connections
> > > from bob.
> >
> > This can now be blamed on firewall rules.
>
> Something doesn't look right about this...
>
>   Both ntdq and ntpdate create the same type of UDP based socket,
> running from the same machine one of them gets replies the other
> does not (the packets are different sizes).  It is true that some
> length based firewall checks could be blocking the replies... but
> it's important to figure out what is broken before changing things
> and I still don't have enough information.  It could be either ntpd
> or the firewall, since it could as likely be server configuration
> (like only accepting certain client revisions).
>
>   If it still doesn't work after you have fun looking through your
> firewall rules install strace on the firewall and run the trace
> requested below.  If you can't use "apt-get install strace" then
> remember it is simply one big executable, scp it to the firewall
> from a similar machine and just run the binary from /tmp then
> nuke it.
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.