Anyone gotten either ntp or chrony working when masquerading is enabled

Ed Greshko ed.greshko at greshko.com
Sat Jan 24 22:04:56 UTC 2015



On 01/25/15 05:47, Sam Varshavchik wrote:
> As far as I can determine, the way that firewalld sets up masquerading completely breaks both ntpd and chrony.
>
> Both servers appear to start, but their corresponding client-side tools, ntpdc or chronyc, cannot talk to them. strace shows that UDP packets to 127.0.0.1 have their source IP address rewritten to the public interface, and the server's response is lost.
>
> This bug with firewalld's masquerading rules was reported back in October, as bug 1152472.
>
> If anyone managed to get either ntpd or chrony fully functional on a server that has firewalld's masquerading enabled, I'd love to know how you did that.

It isn't 100% clear to me the configuration of which you speak.

Are you talking about a 2 interface system with the Fedora firewalld system acting as a "router" with masquerading for a set of clients "behind" it?

And where are the ntp clients in relation to the server?

- -- 
If you can't laugh at yourself, others will gladly oblige.


