{ "numMessagesInTopic": 23, "nextInTime": 1703, "senderId": "uu1cEw85W6n5wPDTPTDT4jQZ_ZzI_VSbD6be6PESFU0oLvs68d3D80K9m9dvaqM0AyeXK8S6cGytxS8iQel4cHYXRI-pTaH_qC6SA-xj", "systemMessage": false, "subject": "Re: Time update on XP computers connected to SG network", "from": ""lifeisfuneh" <lifeisfuneh@...>", "authorName": "lifeisfuneh", "msgSnippet": "Hi Mike, thanks for your time ! Created the rule as describe but still no luck :( I ll try to re boot the server later on .... Can you tell me what the type", "msgId": 1702, "profile": "lifeisfuneh", "topicId": 1653, "spamInfo": { "reason": "0", "isSpam": false }, "replyTo": "LIST", "userId": 72825321, "messageBody": "
--- In magnia_sg20@yahoogroups.com, "Michael" <contact@w...> wrote:
> Just another notice:
>
> The time.nist.gov server seems to have some timing problems... Just
> try a few times to sync or use time.windows.com or any other ntp
> server...
>
> -mike-
>
> --- In magnia_sg20@yahoogroups.com, "Michael" <contact@w...> wrote:
> > Well, here we are...
> >
> > Here is a transcript of my telnet session on my SG20 with the
> > working rule for NTP-Updates (UDP!) with time.nist.gov...
> >
> > 1. Watch out that the filenames have a "*" because they're marked as
> > executable! The "*" is not part of their filename!!!
> >
> > 2. Watch out for the "type" file which is "client" in this case,
> > not server!
> >
> > -mike-
> >
> > *snip* ------------------------------------------------------
> >
> > [root@tristar ntp]# pwd
> > /sa2/firewall/ntp
> >
> > [root@tristar ntp]# ls -al
> > total 24
> > drwxr-xr-x 2 root root 4096 Feb 15 13:41 ./
> > drwxr-xr-x 16 root root 4096 Feb 15 13:34 ../
> > -rwxr--r-- 1 root root 117 Feb 15 13:35 description*
> > -rwxr--r-- 1 root root 3 Feb 15 13:34 index*
> > -rwxr--r-- 1 root root 146 Feb 15 13:41 rule*
> > -rwxr--r-- 1 root root 7 Feb 15 13:36 type*
> >
> > [root@tristar ntp]# cat description
> > en=Permit NTP Protocol on Port 123/UDP
> > de=Permit NTP Protocol on Port 123/UDP
> > ja=Permit NTP Protocol on Port 123/UDP
> >
> > [root@tristar ntp]# cat index
> > 70
> >
> > [root@tristar ntp]# cat rule
> > [% IF firewall.enabled -%]
> > # allow NTP clients through
> > $IPTABLES -A FORWARD -p udp -s ANY/0 --sport 123 -i $INTIF -o $EXTIF -j ACCEPT
> > [% END -%]
> >
> > [root@tristar ntp]# cat type
> > client
> >
> > *snip* ------------------------------------------------------
> >
> > --- In magnia_sg20@yahoogroups.com, "lifeisfuneh" <lifeisfuneh@h...> wrote:
> > > Now that we know all the details, can somebody help with the custom
> > > rule for the Magnia firewall?
> > >
> > > Thanks :)
> > >
> > > --- In magnia_sg20@yahoogroups.com, "Steve Wilson" <jeff21212002@y...> wrote:
> > > > RFC-868 (TIME) protocol returns a 32-bit unformatted binary number
> > > > that represents the time in UTC seconds since January 1, 1900. The
> > > > server receives Time Protocol requests on port 37, and responds in
> > > > either tcp/ip or udp/ip formats.
> > > >
> > > > RFC-2030 (SNTP) is an extremely reliable protocol for
> > > > time-synchronization on the Internet with accuracy from 1 to 50
> > > > milliseconds, even over great distances. The server receives SNTP
> > > > protocol requests on port 123, and responds in udp/ip format.
> > > >
> > > > I guess it depends on the site accessed and protocol used :)
> > > >
> > > > --- In magnia_sg20@yahoogroups.com, fronit <no_reply@y...> wrote:
> > > > > Hi,
> > > > > I haven't followed the whole thread here, but shouldn't it be port
> > > > > 8013 you'd need to open?
> > > > >
> > > > > I did so with my firewalls and all works, but that's PC based. In any
> > > > > case, the port should be the same, be it PC or whatever.
> > > > >
> > > > > Also read here:
> > > > >
> > > > > http://nist.time.gov/problems.html
> > > > >
> > > > > > ...you may be behind a firewall and you will need to have your
> > > > > > network administrator open port 8013 in order for it to work....
> > > > >
> > > > > I'll try it over the next (peaceful) days with the SG20 myself, just
> > > > > to make sure.
> > > > >
> > > > > --- In magnia_sg20@yahoogroups.com, "lifeisfuneh" <lifeisfuneh@h...> wrote:
> > > > > > Hmm,
> > > > > > I tried that rule you suggested and also:
> > > > > > $IPTABLES -A INPUT -p udp --source-port 123 -j ACCEPT
> > > > > >
> > > > > > $IPTABLES -A FORWARD -p udp -s ANY/0 --sport 123 -i $INTIF -o $EXTIF -j ACCEPT
> > > > > >
> > > > > > but I still get an error when updating time ... :(
> > > > > >
> > > > > > --- In magnia_sg20@yahoogroups.com, "Steve Wilson" <jeff21212002@y...> wrote:
> > > > > > > Well,
> > > > > > >
> > > > > > > I use a Linksys router but I think this is how you would make a
> > > > > > > change.
> > > > > > >
> > > > > > > 1) go to the /sa2/firewall directory and mkdir timeserv.
> > > > > > > 2) cd into timeserv
> > > > > > > 3) take the lines directly below and save it as a file called rule
> > > > > > > and place this in that directory.
> > > > > > > [% IF firewall.enabled -%]
> > > > > > > # allow udp port 123
> > > > > > > $IPTABLES -A INPUT -p udp -i $EXTIF -d $EXTIP --dport 123 -j ACCEPT
> > > > > > > [% END -%]
> > > > > > > 4) Create another file in this directory called description with the
> > > > > > > following.
> > > > > > > en=Allow UDP 123 for TimeSync
> > > > > > > 5) Create another file called index in this directory with the
> > > > > > > following.
> > > > > > > 70
> > > > > > > 6) last step, create file called type in this directory with the
> > > > > > > following.
> > > > > > > server
> > > > > > >
> > > > > > > This change is only for version 2.6 of an SG-20 and the description
> > > > > > > file is the text that will show up in the "Customize" page of the
> > > > > > > Admin firewall webpage page.
> > > > > > >
> > > > > > > --- In magnia_sg20@yahoogroups.com, "lifeisfuneh" <lifeisfuneh@h...> wrote:
> > > > > > > > Hi,
> > > > > > > > thanks for the reply!
> > > > > > > > Can you help me to set up the rule to do that?
> > > > > > > >
> > > > > > > > Thanks
> > > > > > > >
> > > > > > > > --- In magnia_sg20@yahoogroups.com, "Steve Wilson" <jeff21212002@y...> wrote:
> > > > > > > > > allow both incoming and outgoing traffic on UDP port 123.
> > > > > > > > >
> > > > > > > > > --- In magnia_sg20@yahoogroups.com, "lifeisfuneh" <lifeisfuneh@h...> wrote:
> > > > > > > > > > Every time I like to update time on any computer connected to
> > > > > > > > > > magnia I have to disable the firewall to update time.
> > > > > > > > > > Is there a custom rule that can be added to the firewall
> > > > > > > > > > settings?
> > > > > > > > > >
> > > > > > > > > > Thanks