
Thread: NTP




NTP
user name
2006-11-03 00:36:35
On 02Nov2006 15:20, Nick Baronian <kvetchgmail.com> wrote:
| If I want to use NTP to sync to a time server does my machine have to
| open port 123 UDP.  I don't want to be a NTP server, I just want to be
| the client that polls a server.  I know I can use iptables to do
| something like
| $IPTABLES -A INPUT -j ACCEPT -p tcp -s 66.187.224.4 --dport 123
| But I would like to completely close the port if possible.
| Can this be done?

NTP uses udp, not tcp.
  $IPTABLES -A INPUT -j ACCEPT -p udp -s 66.187.224.4 --sport 123 --dport 123
and outbound (to make queries):
  $IPTABLES -A OUTPUT -j ACCEPT -p udp -d 66.187.224.4 --sport 123 --dport 123

Try that. It should be obvious you can't close the port completely - how
would ntp work if no traffic can flow?
-- 
Cameron Simpson <cszip.com.au> DoD#743
http://www.cskk.ezoshosting.com/cs/

Dope will carry you through times of no money better than money will carry
you through times of no dope!   - Freewheelin' Franklin

_______________________________________________
rhn-users mailing list
rhn-usersredhat.com
https://www.redhat.com/mailman/listinfo/rhn-users
NTP
user name
2006-11-03 16:35:00
Oops, the -p tcp was a typo on my part.
What I am really getting at is if there is a way to have ntp work like
some other client apps.  I want to sync to redhat's time server but I
don't want to have a constant connection.  Kinda like if I was ssh'ing
or ftp'ing into a server.  The server would be running the ssh/ftp
service and have port 22 or 21 open but my machine would open a random
non-priv port get my payload and then close it.
Is NTP different because the polling is so frequent?

Thanks,
Nick

On 11/2/06, Cameron Simpson <cszip.com.au> wrote:
> On 02Nov2006 15:20, Nick Baronian <kvetchgmail.com> wrote:
> | If I want to use NTP to sync to a time server does my machine have to
> | open port 123 UDP.  I don't want to be a NTP server, I just want to be
> | the client that polls a server.  I know I can use iptables to do
> | something like
> | $IPTABLES -A INPUT -j ACCEPT -p tcp -s 66.187.224.4 --dport 123
> | But I would like to completely close the port if possible.
> | Can this be done?
>
> NTP uses udp, not tcp.
>   $IPTABLES -A INPUT -j ACCEPT -p udp -s 66.187.224.4 --sport 123 --dport 123
> and outbound (to make queries):
>   $IPTABLES -A OUTPUT -j ACCEPT -p udp -d 66.187.224.4 --sport 123 --dport 123
>
> Try that. It should be obvious you can't close the port completely - how
> would ntp work if no traffic can flow?
> --
> Cameron Simpson <cszip.com.au> DoD#743
> http://www.cskk.ezoshosting.com/cs/
>
> Dope will carry you through times of no money better than money will carry
> you through times of no dope!   - Freewheelin' Franklin
>
> _______________________________________________
> rhn-users mailing list
> rhn-usersredhat.com
> https://www.redhat.com/mailman/listinfo/rhn-users
>

NTP
user name
2006-11-04 04:07:32
Please don't top-post. Reply _below_ the relevant quoted text, and trim
the irrelevant text.

On 03Nov2006 11:35, Nick Baronian <kvetchgmail.com> wrote:
| Oops, the -p tcp was a typo on my part.
| What I am really getting at is if there is a way to have ntp work like
| some other client apps.  I want to sync to redhat's time server but I
| don't want to have a constant connection.

UDP doesn't have a "connection" at all.

| Kinda like if I was ssh'ing
| or ftp'ing into a server.  The server would be running the ssh/ftp
| service and have port 22 or 21 open but my machine would open a random
| non-priv port get my payload and then close it.
| Is NTP different because the polling is so frequent?

No, it's different because it's UDP - no connections. Think of it like
"ping", but passing time information in the packets.

If you don't want to run ntpd, which will do a good job of keeping time
with good clock behaviour (i.e. monotonic clock - no backwards time
shifts, etc), you could run the "ntpdate" command occasionally.

Cheers,
-- 
Cameron Simpson <cszip.com.au> DoD#743
http://www.cskk.ezoshosting.com/cs/

Patent laws: made for the benefit of little inventors, opposed by little
inventors, pushed by big corporations. Something is quite wrong.
- http://slashdot.org/~marcello_dl

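The client-only behaviour asked about in this thread (accept NTP replies only in answer to queries this machine sent, and nothing unsolicited on UDP 123) can be written with iptables connection tracking. This is an added example, not part of the original messages; the function name `ntp_client_rules`, the dry-run default for `IPTABLES`, and the use of the `state` match are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): NTP client-only rules using
# connection tracking. Dry-run by default: IPTABLES is "echo iptables",
# so rules are printed, not applied. Set IPTABLES=/sbin/iptables to apply.
IPTABLES="${IPTABLES:-echo iptables}"

# ntp_client_rules SERVER_IPV4   (hypothetical helper name)
ntp_client_rules() {
    server="$1"
    # Refuse anything that is not digits and dots, so a bad argument
    # can never turn into extra iptables options.
    case "$server" in
        ''|*[!0-9.]*)
            echo "usage: ntp_client_rules <ipv4-address>" >&2
            return 1 ;;
    esac

    # Queries we send. No --sport restriction, so this covers ntpd
    # (source port 123) and "ntpdate -u" (unprivileged source port).
    $IPTABLES -A OUTPUT -p udp -d "$server" --dport 123 \
        -m state --state NEW,ESTABLISHED -j ACCEPT

    # Replies only: conntrack marks a UDP packet ESTABLISHED when it
    # answers a recent outbound packet on the same address/port pair.
    $IPTABLES -A INPUT -p udp -s "$server" --sport 123 \
        -m state --state ESTABLISHED -j ACCEPT

    # Anything else aimed at local UDP 123 is unsolicited: drop it.
    $IPTABLES -A INPUT -p udp --dport 123 -j DROP
}

# Stand-alone use: sh ntp-client-rules.sh 66.187.224.4
if [ "$#" -gt 0 ]; then
    ntp_client_rules "$1"
fi
```

Rule order matters here: the ESTABLISHED accept must be appended before the DROP, otherwise replies to an ntpd bound to port 123 are discarded.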
NTP
user name
2006-11-03 19:35:19
Hi.

First, this doesn't really belong on the RHN list.  This list is for
issues dealing with the Red Hat up2date service (RHN aka Red Hat Network).

Secondly, you can run ntpdate out of a cron job to make hourly (or
daily) connections to an NTP server.

    Alfred Hovdestad
    University of Saskatchewan



Nick Baronian wrote:
> Oops, the -p tcp was a typo on my part.
> What I am really getting at is if there is a way to have ntp work like
> some other client apps.  I want to sync to redhat's time server but I
> don't want to have a constant connection.  Kinda like if I was ssh'ing
> or ftp'ing into a server.  The server would be running the ssh/ftp
> service and have port 22 or 21 open but my machine would open a random
> non-priv port get my payload and then close it.
> Is NTP different because the polling is so frequent?
>
> Thanks,
> Nick

NTP
user name
2006-11-03 19:51:46
if this list is only about up2date issues, where is the general red
hat support mailing list?

On 11/3/06, Alfred Hovdestad <alfred.hovdestadusask.ca> wrote:
> Hi.
>
> First, this doesn't really belong on the RHN list.  This list is for
> issues dealing with the Red Hat up2date service (RHN aka Red Hat Network).
>
> Secondly, you can run ntpdate out of a cron job to make hourly (or
> daily) connections to an NTP server.
>
>     Alfred Hovdestad
>     University of Saskatchewan
>
>
>
> Nick Baronian wrote:
> > Oops, the -p tcp was a typo on my part.
> > What I am really getting at is if there is a way to have ntp work like
> > some other client apps.  I want to sync to redhat's time server but I
> > don't want to have a constant connection.  Kinda like if I was ssh'ing
> > or ftp'ing into a server.  The server would be running the ssh/ftp
> > service and have port 22 or 21 open but my machine would open a random
> > non-priv port get my payload and then close it.
> > Is NTP different because the polling is so frequent?
> >
> > Thanks,
> > Nick
>
> _______________________________________________
> rhn-users mailing list
> rhn-usersredhat.com
> https://www.redhat.com/mailman/listinfo/rhn-users
>


-- 
http://silolabs.net/~sparker/pubkey.txt

NTP
user name
2006-11-03 20:20:35
HI.

Go to https://redhat.com/mailman/listinfo.  Here is a short list of the
many lists there.


nahant-list	Red Hat Enterprise Linux 4 (Nahant) Discussion List
Redhat-ccm-list	Discussion about the Red Hat Enterprise Applications family
Redhat-devel-list	Red Hat developer's list
Redhat-install-list	Getting started with Red Hat Linux
redhat-list	General Red Hat Linux discussion list
redhat-list-de	Red Hat users list (german version)
Redhat-migration-list	Discussion group concerning migration to Red Hat Linux
Redhat-ppp-list	Setting up dialup networking
Redhat-s390-list	[no description available]
Redhat-secure-server	CLOSED
redhat-sysadmin-list	[no description available]
Rhel-rt-external	Development discussions for realtime variant of RHEL - external list
Rhel-support-list	[no description available]
rhelv5-announce	Red Hat Enterprise Linux 5 (Tikanga) announcement mailing-list
rhelv5-beta-list	Red Hat Enterprise Linux 5 (Tikanga) Beta releases discussion mailing-list
rhn-outage-list	Announcements Related to RHN Service Interruptions
rhn-satellite-users	[no description available]
rhn-users	Discussions about Red Hat Network (rhn.redhat.com)


I would suggest the redhat-list or a version specific list (e.g.,
nahant-list).

   Alfred



Shawn Parker wrote:
> if this list is only about up2date issues, where is the general red
> hat support mailing list?
>
> On 11/3/06, Alfred Hovdestad <alfred.hovdestadusask.ca> wrote:
>> Hi.
>>
>> First, this doesn't really belong on the RHN list.  This list is for
>> issues dealing with the Red Hat up2date service (RHN aka Red Hat
>> Network).
>>
>> Secondly, you can run ntpdate out of a cron job to make hourly (or
>> daily) connections to an NTP server.
>>
>>     Alfred Hovdestad
>>     University of Saskatchewan
>>
