Creating a Firewall Using EigerStein: Configure the Firewall to Allow Access to Network Time Servers

Configure the Firewall to Allow Access to Network Time Servers

This task will guide you through setting up the firewall to pass ntp traffic, thus allowing client or server systems on the private network to obtain time from time servers on the internet. Once you complete this task, you must then go to your internal clients/servers to configure them to access the time servers.

So, which time server should you use? There are many out on the Internet. Some are restricted, and will only allow authorized clients access. Some will allow you to access them if you first send the network manager an e-mail requesting access. Finally, there are a number that allow access with no prerequisites at all. To get more information than you ever wanted on time servers, and a list of public time servers, see http://www.eecis.udel.edu/~mills/ntp/.

Section 1: Configure /etc/network.conf for NTP Access

1
Log into the firewall as root.

2
Select option 1) Network settings

3
Select option 1) Network Configuration

4
Scroll down to the line that begins EXTERN_UDP_PORTS=.

5
Add an entry for the ntp service onto this string:
EXTERN_UDP_PORTS="0/0_domain 0/0_ntp"

6
Scroll down to the line that begins EXTERN_TCP_PORTS=.

7
Add an entry for the ntp service onto this string:
EXTERN_TCP_PORTS="0/0_ssh 0/0_ntp"

8
Press [Alt]-[w] then [Enter] to save this file.

9
Press [Alt]-[q] to exit back to the lrcfg menu.

10
Press [q] then [Enter] to return to the main menu.

Section 2: Configure Seattle Firewall for NTP Access
Complete this section only if you have already installed and configured Seattle Firewall.

1
Select option 3) Package settings.

2
Select the number next to seawall then press [Enter]

3
Select option 1) Config and press [Enter].

4
Scroll down to the line that reads:
ntpservers=""
in SECTION 1.

5
Inside the quotes (as in the example) type in the IP address of the ntp server(s) that you wish to provide access to. For example, if you will be allowing clients to receive time from the servers located at 111.222.333.444, and 222.333.444.555, this line would read:
ntpservers="111.222.333.444 222.333.444.555"

6
Press [Alt]-[w] then [Enter] to save this file.

7
Press [Alt]-[q] to return to the menu.

8
Press [q] then [Enter], then [q] then [Enter] again to return to the main menu.

9
Backup your firewall now.

10
Restart the firewall (or the network and seawall services) to effect the changes.

Contents

Configure Your Firewall for IRC

Add a Second Floppy to Your Firewall

1	Log into the firewall as root.
2	Select option 1) Network settings
3	Select option 1) Network Configuration
4	Scroll down to the line that begins EXTERN_UDP_PORTS=.
5	Add an entry for the ntp service onto this string: `EXTERN_UDP_PORTS="0/0_domain 0/0_ntp"`
6	Scroll down to the line that begins EXTERN_TCP_PORTS=.
7	Add an entry for the ntp service onto this string: `EXTERN_TCP_PORTS="0/0_ssh 0/0_ntp"`
8	Press [Alt]-[w] then [Enter] to save this file.
9	Press [Alt]-[q] to exit back to the lrcfg menu.
10	Press [q] then [Enter] to return to the main menu.

1	Select option 3) Package settings.
2	Select the number next to seawall then press [Enter]
3	Select option 1) Config and press [Enter].
4	Scroll down to the line that reads: `ntpservers=""` in SECTION 1.
5	Inside the quotes (as in the example) type in the IP address of the ntp server(s) that you wish to provide access to. For example, if you will be allowing clients to receive time from the servers located at 111.222.333.444, and 222.333.444.555, this line would read: `ntpservers="111.222.333.444 222.333.444.555"`
6	Press [Alt]-[w] then [Enter] to save this file.
7	Press [Alt]-[q] to return to the menu.
8	Press [q] then [Enter], then [q] then [Enter] again to return to the main menu.
9	Backup your firewall now.
10	Restart the firewall (or the network and seawall services) to effect the changes.