NTP, ntpdate, and ISP-based firewall

Don Levey fedora-list at the-leveys.us
Fri Mar 5 19:34:00 UTC 2004


fedora-list-admin at redhat.com wrote:
> From: "Don Levey" <fedora-list at the-leveys.us>
>> fedora-list-admin at redhat.com wrote:
>>> Rodolfo J. Paiz wrote:
>>>> At 12:17 3/4/2004, you wrote:
>>>>
>>>>> I'm not getting anything back.  Feh.  Doesn't seem to make a
>>>>> difference whether or not I have iptables running.
>>>> Make sure you can type "iptables -L" and get a display with no
>>>> rules and all policies set to ACCEPT.
>>>
>>> It shouldn't matter. The tcpdump shows that the packets aren't even
>>> getting to his system. The default iptables doesn't get in the way
>>> of replies anyway. Even if it did, the tcpdump would have shown the
>>> server packet arriving and then iptables sending an ICMP prohibited
>>> reply.
>>>
>>>>> I opened port 123 on my Linksys firewall
>>>> Make sure you open UDP/123 instead of TCP.
>>>
>>> This, on the other hand, may be relevant.
>>
>> As I recall, this is what I did yesterday.
>> It's at home right now, with no remote access to configuration, but
>>  I can confirm later. -Don
>
> If your own firewall is blocking the return packets it should show up
> in your main system logs, /var/log/messages.
>
> Run a tcpdump while you set time using ntpdate. If ntpdate works
> there is no sensible reason ntpd should not unless you are trying the
> multicasting "stuff".
>
> {^_^}

I've received word from my ISP that they are *not* blocking port 123.  I see
on my Linksys router/firewall that my packets are going out (it's the last
step before the cable modem).  However, nothing comes back to it.  Not on
port 123, not on any other port from those hosts.  The ntpdate -u gets
results, however.  Oh well.

I guess I'll just need to do this manually once in a while, and then sync up
the rest of my machines with this one.

Thanks for the help,
 -Don
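
The tcpdump check suggested in the thread, as an added example that is not part of the original post: ntpd sends its queries from source port 123, while `ntpdate -u` sends from an unprivileged source port, so grouping captured NTP packets by local source port shows which kind of request gets answered. The capture text, addresses and function names below are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, modeled on `tcpdump -n udp port 123` output.
# Addresses are private/documentation ranges, not taken from the thread.
CAPTURE = """\
19:30:01.000100 IP 192.168.1.10.123 > 192.0.2.10.123: NTPv4, Client, length 48
19:30:17.000200 IP 192.168.1.10.123 > 192.0.2.10.123: NTPv4, Client, length 48
19:31:05.000300 IP 192.168.1.10.32790 > 192.0.2.10.123: NTPv4, Client, length 48
19:31:05.041000 IP 192.0.2.10.123 > 192.168.1.10.32790: NTPv4, Server, length 48
19:31:07.000400 IP 192.168.1.10.32790 > 192.0.2.10.123: NTPv4, Client, length 48
19:31:07.039000 IP 192.0.2.10.123 > 192.168.1.10.32790: NTPv4, Server, length 48
"""

# tcpdump prints "addr.port", so the last dotted field is the UDP port.
LINE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): NTPv\d, (?P<mode>\w+)"
)

def reply_summary(capture, local_ip):
    """Count NTP requests sent and replies received, keyed by local source port."""
    stats = defaultdict(lambda: {"sent": 0, "answered": 0})
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip anything that is not an NTP-over-IPv4 line
        if m["src"] == local_ip and m["dport"] == "123":
            stats[int(m["sport"])]["sent"] += 1      # outgoing query
        elif m["dst"] == local_ip and m["sport"] == "123":
            stats[int(m["dport"])]["answered"] += 1  # reply from a server
    return dict(stats)

def silent_ports(summary):
    """Local source ports that sent requests but never saw a reply."""
    return sorted(p for p, s in summary.items() if s["sent"] and not s["answered"])

if __name__ == "__main__":
    summary = reply_summary(CAPTURE, "192.168.1.10")
    for port, s in sorted(summary.items()):
        print(f"source port {port}: {s['sent']} sent, {s['answered']} answered")
    print("no replies for source port(s):", silent_ports(summary))
```

A result where only source port 123 goes unanswered points at something on the path filtering on that port rather than at the NTP servers or the local iptables rules.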




