{ "numMessagesInTopic": 23, "nextInTime": 1704, "senderId": "JTohS80FY1Ei80tgJeUNVGQjaFn3Q4aFu8couKbqM8lxa7DIKHUaUDU_OcKdD7lJ7Nh_Pvttlp8gaoZqmbfJCQYEmGI", "systemMessage": false, "subject": "Re: Time update on XP computers connected to SG network", "from": ""Michael" <contact@...>", "authorName": "Michael", "msgSnippet": "Heyho... Please check your rules file again...There has been a faulty carriage return in the iptables command line due to the yahoo groups system... The", "msgId": 1703, "profile": "neoblf", "topicId": 1653, "spamInfo": { "reason": "0", "isSpam": false }, "replyTo": "LIST", "userId": 174000111, "messageBody": "
> Hi Mike,
\n> thanks for your time !
\n> Created the rule as described but still no luck :(
\n> I'll try to reboot the server later on ....
\n>
\n> Can you tell me what the type and index file are good for ? :)
\n> I know nothing about Linux ....
\n>
\n> Thanks !
\n>
\n>
\n> --- In magnia_sg20@yahoogroups.com, "Michael" <contact@w...> wrote:
\n> > Just another notice:
\n> >
\n> > The time.nist.gov server seems to have some timing problems...Just
\n> > try a few times to sync or use time.windows.com or any other ntp
\n> > server...
\n> >
\n> > -mike-
\n> >
\n> > --- In magnia_sg20@yahoogroups.com, "Michael" <contact@w...> wrote:
\n> > > Well, here we are...
\n> > >
\n> > > Here is a transcript of my telnet session on my SG20 with the
\n> > > working rule for NTP-Updates (UDP!) with time.nist.gov...
\n> > >
\n> > > 1. Watch out that the filenames have a "*" because they're marked
\n> > > as executable! The "*" is not part of their filename!!!
\n> > >
\n> > > 2. Watch out for the "type" file which is "client" in this case,
\n> > > not server!
\n> > >
\n> > > -mike-
\n> > >
\n> > > *snip* ------------------------------------------------------
\n> > >
\n> > > [root@tristar ntp]# pwd
\n> > > /sa2/firewall/ntp
\n> > >
\n> > > [root@tristar ntp]# ls -al
\n> > > total 24
\n> > > drwxr-xr-x 2 root root 4096 Feb 15 13:41 ./
\n> > > drwxr-xr-x 16 root root 4096 Feb 15 13:34 ../
\n> > > -rwxr--r-- 1 root root 117 Feb 15 13:35 description*
\n> > > -rwxr--r-- 1 root root 3 Feb 15 13:34 index*
\n> > > -rwxr--r-- 1 root root 146 Feb 15 13:41 rule*
\n> > > -rwxr--r-- 1 root root 7 Feb 15 13:36 type*
\n> > >
\n> > > [root@tristar ntp]# cat description
\n> > > en=Permit NTP Protocol on Port 123/UDP
\n> > > de=Permit NTP Protocol on Port 123/UDP
\n> > > ja=Permit NTP Protocol on Port 123/UDP
\n> > >
\n> > > [root@tristar ntp]# cat index
\n> > > 70
\n> > >
\n> > > [root@tristar ntp]# cat rule
\n> > > [% IF firewall.enabled -%]
\n> > > # allow NTP clients through
\n> > > $IPTABLES -A FORWARD -p udp -s ANY/0 --sport 123 -i $INTIF -o $EXTIF -j ACCEPT
\n> > > [% END -%]
\n> > >
\n> > > [root@tristar ntp]# cat type
\n> > > client
\n> > >
\n> > > *snip* ------------------------------------------------------
\n> > >
\n> > >
\n> > > --- In magnia_sg20@yahoogroups.com, "lifeisfuneh" <lifeisfuneh@h...> wrote:
\n> > > > Now when we know all the details can somebody help with the custom
\n> > > > rule for the Magnia firewall ?
\n> > > >
\n> > > > Thanks :)
\n> > > >
\n> > > >
\n> > > >
\n> > > > --- In magnia_sg20@yahoogroups.com, "Steve Wilson"
\n> > > > <jeff21212002@y...> wrote:
\n> > > > > RFC-868 (TIME) protocol returns a 32-bit unformatted binary number
\n> > > > > that represents the time in UTC seconds since January 1, 1900. The
\n> > > > > server receives Time Protocol requests on port 37, and responds in
\n> > > > > either tcp/ip or udp/ip formats.
\n> > > > >
\n> > > > > RFC-2030 (SNTP) is an extremely reliable protocol for
\n> > > > > time-synchronization on the Internet with accuracy from 1 to 50
\n> > > > > milliseconds, even over great distances. The server receives SNTP
\n> > > > > protocol requests on port 123, and responds in udp/ip format.
\n> > > > >
\n> > > > > I guess it depends on the site accessed and protocol used :)
\n> > > > >
\n> > > > > --- In magnia_sg20@yahoogroups.com, fronit <no_reply@y...> wrote:
\n> > > > > > Hi,
\n> > > > > > I haven't followed the whole thread here, but shouldn't it be port
\n> > > > > > 8013 you'd need to open?
\n> > > > > >
\n> > > > > > I did so with my firewalls and all works, but that's PC based. In any
\n> > > > > > case, the port should be the same, be it PC or whatever.
\n> > > > > >
\n> > > > > > Also read here:
\n> > > > > >
\n> > > > > > http://nist.time.gov/problems.html
\n> > > > > >
\n> > > > > > > ...you may be behind a firewall and you will need to have your
\n> > > > > > > network administrator open port 8013 in order for it to work....
\n> > > > > >
\n> > > > > > I'll try it over the next (peaceful) days with the SG20 myself, just
\n> > > > > > to make sure.
\n> > > > > >
\n> > > > > >
\n> > > > > > --- In magnia_sg20@yahoogroups.com, "lifeisfuneh" <lifeisfuneh@h...> wrote:
\n> > > > > > > Hmm,
\n> > > > > > > I tried that rule you suggested and also:
\n> > > > > > > $IPTABLES -A INPUT -p udp --source-port 123 -j ACCEPT
\n> > > > > > >
\n> > > > > > > $IPTABLES -A FORWARD -p udp -s ANY/0 --sport 123 -i $INTIF -o $EXTIF -j ACCEPT
\n> > > > > > >
\n> > > > > > > but I still get error when updating time ... :(
\n> > > > > > >
\n> > > > > > >
\n> > > > > > >
\n> > > > > > > --- In magnia_sg20@yahoogroups.com, "Steve Wilson"
\n> > > > > > > <jeff21212002@y...> wrote:
\n> > > > > > > > Well,
\n> > > > > > > >
\n> > > > > > > > I use a Linksys router but I think this is how you would make a
\n> > > > > > > > change.
\n> > > > > > > >
\n> > > > > > > > 1) go to the /sa2/firewall directory and mkdir timeserv.
\n> > > > > > > > 2) cd into timeserv
\n> > > > > > > > 3) take the lines directly below and save it as a file called rule
\n> > > > > > > > and place this in that directory.
\n> > > > > > > > [% IF firewall.enabled -%]
\n> > > > > > > > # allow udp port 123
\n> > > > > > > > $IPTABLES -A INPUT -p udp -i $EXTIF -d $EXTIP --dport 123 -j ACCEPT
\n> > > > > > > > [% END -%]
\n> > > > > > > > 4) Create another file in this directory called description with the
\n> > > > > > > > following.
\n> > > > > > > > en=Allow UDP 123 for TimeSync
\n> > > > > > > > 5) Create another file called index in this directory with the
\n> > > > > > > > following.
\n> > > > > > > > 70
\n> > > > > > > > 6) last step, create file called type in this directory with the
\n> > > > > > > > following.
\n> > > > > > > > server
\n> > > > > > > >
\n> > > > > > > >
\n> > > > > > > > This change is only for version 2.6 of an SG-20 and the description
\n> > > > > > > > file is the text that will show up in the "Customize" page of the
\n> > > > > > > > Admin firewall webpage page.
\n> > > > > > > >
\n> > > > > > > >
\n> > > > > > > >
\n> > > > > > > > --- In magnia_sg20@yahoogroups.com, "lifeisfuneh" <lifeisfuneh@h...> wrote:
\n> > > > > > > > > Hi,
\n> > > > > > > > > thanks for reply !
\n> > > > > > > > > Can you help me to set up the rule to do that ?
\n> > > > > > > > >
\n> > > > > > > > > Thanks
\n> > > > > > > > >
\n> > > > > > > > >
\n> > > > > > > > >
\n> > > > > > > > > --- In magnia_sg20@yahoogroups.com, "Steve Wilson"
\n> > > > > > > > > <jeff21212002@y...> wrote:
\n> > > > > > > > > > allow both incoming and outgoing traffic on UDP port 123.
\n> > > > > > > > > >
\n> > > > > > > > > >
\n> > > > > > > > > > --- In magnia_sg20@yahoogroups.com, "lifeisfuneh" <lifeisfuneh@h...>
\n> > > > > > > > > > wrote:
\n> > > > > > > > > > > Every time I like to update time on any computer connected to magnia
\n> > > > > > > > > > > I have to disable the firewall to update time
\n> > > > > > > > > > > Is there custom rule that can be added to the firewall settings ?
\n> > > > > > > > > > >
\n> > > > > > > > > > > Thanks