chrony lan - OT -_-

poma pomidorabelisima at gmail.com
Mon Jan 5 02:01:47 UTC 2015


On 04.01.2015 17:29, Bob Goodwin wrote:
> 
> On 01/04/15 06:26, poma wrote:
>> ACTING AS AN NTP SERVER /usr/share/doc/chrony/chrony.conf.example 
>> http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git;a=blob;f=examples/chrony.conf.example#l167 
>> Good morning Alfred 
> 
> On 01/03/15 19:04, Ed Greshko wrote:
>> Assuming that one of them is running chronyd you'll need to configure it to Allow NTP client access from local network using the "allow" directive in the config file.  You'll also need to change the firewall settings to allow incoming ntp requests as this is normally blocked.
>>
>> On the SL7 side you'll need to configure it to point to the workstation acting as the time server instead of servers on the internet.
> 
> So it appears that I need to change box10 to make it an ntp server:
> 
> # Allow NTP client access from local network.
> #allow 192.168/16
> allow 192.168.1.0/24
> 
> In the firewalld GUI I have checked NTP under SERVICES and made it 
> PERMANENT. I'm really unsure of myself there!
> 
> And then I assume I can add 192.168.1.10 [box10 ntp server] at the top 
> of the list of the pool of public servers in /etc/chrony.conf in 
> 192.168.1.48 [the samba server to be blocked from the internet]?
> 
> Perhaps instead of 192.168.1.10 I could use 192.168.1.0/24?
> 
> I would like some reassurance on this ...
> 
> Bob
> 

All three combinations should work.
/etc/chrony.conf
...
# Allow NTP client access from local network.
allow 192.168.1
# or
allow 192.168.1/24
# or
allow 192.168.1.2
allow 192.168.1.3
...

$ systemctl restart chronyd.service

Open port 123/udp
/usr/lib/firewalld/services/ntp.xml

$ firewall-cmd --permanent --add-service=ntp
$ firewall-cmd --reload
$ firewall-cmd --query-service=ntp

man 1 firewall-cmd
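
Added example (not part of the original message, and not chrony's own code): a small Python check that expands the abbreviated subnet forms used with "allow" above and reports whether a client such as 192.168.1.48 is covered, and how many addresses each rule set admits. The helper names and SAMPLE_CONF are constructed for illustration; it assumes IPv4 addresses only and no "deny" directives.

```python
import ipaddress

# Constructed sample: the allow lines from the reply, plus the wider
# commented-out default quoted earlier in the thread.
SAMPLE_CONF = """\
# Allow NTP client access from local network.
#allow 192.168/16
allow 192.168.1
allow 192.168.1/24
allow 192.168.1.2
allow 192.168.1.3
"""

def parse_allow(arg):
    """Expand one IPv4 allow argument into an ip_network.

    Octets left out are zero; with no /bits the prefix is 8 bits per
    octet written, so 192.168.1 means 192.168.1.0/24.
    """
    addr, slash, bits = arg.partition("/")
    octets = addr.split(".")
    if not 1 <= len(octets) <= 4 or (slash and not bits.isdigit()):
        raise ValueError(f"unsupported allow argument: {arg!r}")
    prefix = int(bits) if slash else 8 * len(octets)
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{prefix}", strict=False)

def allow_rules(conf_text):
    """Return the networks named by active allow lines (IPv4 only)."""
    rules = []
    for line in conf_text.splitlines():
        fields = line.split()
        if not fields or fields[0] != "allow":
            continue  # comments, blanks and other directives
        args = [f for f in fields[1:] if f != "all"]
        # A bare "allow" opens the server to every address.
        rules.append(parse_allow(args[0]) if args
                     else ipaddress.ip_network("0.0.0.0/0"))
    return rules

def is_allowed(client, rules):
    """True if the client address falls inside any allow rule."""
    return any(ipaddress.ip_address(client) in net for net in rules)

def exposure(rules):
    """Number of distinct addresses the rules admit, overlaps merged."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(rules))

if __name__ == "__main__":
    rules = allow_rules(SAMPLE_CONF)
    print(rules, exposure(rules), is_allowed("192.168.1.48", rules))
```

On the server itself, `chronyc accheck 192.168.1.48` asks the running chronyd the same question.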


