On 04.01.2015 17:29, Bob Goodwin wrote: > > On 01/04/15 06:26, poma wrote: >> ACTING AS AN NTP SERVER /usr/share/doc/chrony/chrony.conf.example >> http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git;a=blob;f=examples/chrony.conf.example#l167 >> >> Good morning Alfred > > On 01/03/15 19:04, Ed Greshko wrote: >> Assuming that one of them is running chronyd you'll need to configure it to >> Allow NTP client access from local network using the "allow" directive in >> the config file. You'll also need to change the firewall settings to allow >> incoming ntp requests as this is normally blocked. >> >> On the SL7 side you'll need to configure it to point to the workstation >> acting as the time server instead of servers on the internet. > > So it appears that I need to change box10 to make it an ntp server: > > # Allow NTP client access from local network. > #allow 192.168/16 > allow 192.168.1.0/24 > > In the firewalld GUI I have checked NTP under SERVICES and made it > PERMANENT. I'm really unsure of myself there! > > And then I assume I can add 192.168.1.10 [box10 ntp server] at the top > of the list of the pool of public servers in /etc/chrony.conf in > 192.168.1.48 [the samba server to be blocked from the internet]? > > Perhaps instead of 192.168.1.10 I could use 192.168.1.0/24? > > I would like some reassurance on this ... > > Bob >
All three combinations should work. /etc/chrony.conf ... # Allow NTP client access from local network. allow 192.168.1 # or allow 192.168.1/24 # or allow 192.168.1.2 allow 192.168.1.3 ... $ systemctl restart chronyd.service Open port 123/udp /usr/lib/firewalld/services/ntp.xml $ firewall-cmd --permanent --add-service=ntp $ firewall-cmd --reload $ firewall-cmd --query-service=ntp man 1 firewall-cmd -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
