Hello,
I have read and followed steps for enabling NTP time service through ASL and cannot get it to work. It is driving me nuts.
I have a 3-NIC ASL (internal, DMZ and internet). All IPs on the DMZ and internal networks are assigned and static (no masq, NAT, SNAT or DNAT).
I installed ntpv4.10 on a linux box on my internal network (a.b.21.2). I am trying to use the ntp server usno.pa-x.dec.com to poll for time updates.
I created a network group {time-servers}. I added usno.pa-x.dec.com as a network host, then added it to {time-servers}. I also have my local linux box defined in networks as a host. I made a service definition called NTP. I made this service TCP/UDP S:123 D:123.
I added two packet-filter definitions as follows:
linux-box > NTP > {time-server} allow
{time-server} > NTP > linux-box allow
Both rules are activated after being added.
Now from linux-box I can ping usno.pa-x.dec.com. If I run ntpd and point it at usno.pa-x.dec.com it sends a request but gets no response. If I run ntpdate pointed at the same time server it fails as well. If I run ntpdate with the -u option (use non-privileged ports) it works just fine.
I have tried tweaking the service definitions, doing things like S 0:65535 D 0:65535, using ANY, etc., but nothing seems to work.
The NTP docs say NTP uses port 123 on UDP only. If I have it open both ways, why does it only run when specifying the use of non-privileged ports?
I'm pulling my hair out. Anyone care to give advice before I look like Einstein?
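The post describes two different NTP traffic patterns (ntpd sourcing from UDP 123, and ntpdate -u sourcing from an ephemeral port) and a rule set that fixes both source and destination port to 123. The following is an added example, not code from the original post or from the ASL product: it models a stateless packet filter with first-match semantics and a default drop (an assumption about the filter, not something the post states), decodes the NTP header fields a troubleshooter looks at, and shows which of the two exchanges the strict S:123 D:123 rules would be expected to pass, alongside a relaxed variant that only pins the server-side port. The host names `linux-box` and `time-server`, the ephemeral port 54321 and the constructed server reply are all illustrative values.

```python
import struct
from dataclasses import dataclass

NTP_PORT = 123
NTP_UNIX_DELTA = 2_208_988_800  # seconds from 1900-01-01 to 1970-01-01 (RFC 5905)

# --- NTP packet layer -------------------------------------------------------

def build_ntp_request(version: int = 4) -> bytes:
    """48-byte client request: LI=0, VN=version, Mode=3 (client), rest zero."""
    first = (0 << 6) | (version << 3) | 3
    return struct.pack("!B", first) + bytes(47)

def constructed_server_reply(unix_secs: int, stratum: int = 2) -> bytes:
    """Constructed (not captured) server reply, Mode=4, with a transmit timestamp."""
    pkt = bytearray(48)
    pkt[0] = (0 << 6) | (4 << 3) | 4
    pkt[1] = stratum
    struct.pack_into("!II", pkt, 40, unix_secs + NTP_UNIX_DELTA, 0)
    return bytes(pkt)

def parse_ntp_packet(pkt: bytes) -> dict:
    """Decode the header fields that matter when checking whether a reply is sane."""
    if len(pkt) < 48:
        raise ValueError("NTP packet must be at least 48 bytes")
    li_vn_mode, stratum = struct.unpack("!BB", pkt[:2])
    tx_secs, tx_frac = struct.unpack("!II", pkt[40:48])
    return {
        "version": (li_vn_mode >> 3) & 0x7,
        "mode": li_vn_mode & 0x7,  # 3 = client, 4 = server
        "stratum": stratum,
        "tx_unix": tx_secs - NTP_UNIX_DELTA + tx_frac / 2**32,
    }

# --- Stateless packet-filter model -----------------------------------------

ANY = range(0, 65536)
PORT_123 = range(123, 124)

@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "udp"

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str
    sports: range
    dports: range
    action: str = "allow"

    def matches(self, f: Flow) -> bool:
        return (self.src == f.src and self.dst == f.dst and self.proto == f.proto
                and f.sport in self.sports and f.dport in self.dports)

def decide(rules, flow: Flow) -> str:
    """First matching rule wins; no match falls through to the assumed default drop."""
    for r in rules:
        if r.matches(flow):
            return r.action
    return "drop"

LINUX_BOX, TIME_SERVER = "linux-box", "time-server"  # illustrative host names

# The rule pair from the post: service S:123 D:123, allowed in both directions.
strict_rules = [
    Rule(LINUX_BOX, TIME_SERVER, "udp", PORT_123, PORT_123),
    Rule(TIME_SERVER, LINUX_BOX, "udp", PORT_123, PORT_123),
]
# Variant that pins only the server-side port, so an ephemeral client port passes too.
relaxed_rules = [
    Rule(LINUX_BOX, TIME_SERVER, "udp", ANY, PORT_123),
    Rule(TIME_SERVER, LINUX_BOX, "udp", PORT_123, ANY),
]

def ntp_exchange(client_port: int):
    """Request and reply flows for one client poll from the given source port."""
    return (Flow(LINUX_BOX, client_port, TIME_SERVER, NTP_PORT),
            Flow(TIME_SERVER, NTP_PORT, LINUX_BOX, client_port))

def exchange_allowed(rules, client_port: int) -> bool:
    """True only if both the request and the reply pass the filter."""
    return all(decide(rules, f) == "allow" for f in ntp_exchange(client_port))

if __name__ == "__main__":
    print("request header:", parse_ntp_packet(build_ntp_request()))
    print("reply header:  ", parse_ntp_packet(constructed_server_reply(1_000_000_000)))
    for name, rules in (("strict S:123 D:123", strict_rules), ("relaxed D:123", relaxed_rules)):
        print(f"{name}: ntpd-style (src 123) allowed={exchange_allowed(rules, 123)}, "
              f"ntpdate -u style (src 54321) allowed={exchange_allowed(rules, 54321)}")
```

Under this model the strict rules pass the ntpd-style exchange and drop the ntpdate -u exchange, which is the reverse of what the post observes; that contrast is useful when comparing a rule set against the filter's actual logs, since it tells you whether the rules as written or something else in the path is making the decision.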