Very Computer

Russ,
the following is my rule for just that purpose ...
# TIME client requests. (Port 37)
ipchains -A output -i ppp0 -p tcp  -s $PPP_IP $HI -d $TS_1 37  -j ACCEPT

It is basically exactly the same as yours ... Mine works fine ... so
there must be another reason.  Where in your script are you putting the
rule ... position *is* important.

--
Regards
Luke
PLEASE NOTE: Spamgard (tm) installed.
----
"Normal people ... believe that if it ain't broke, don't fix it.
Engineers believe that if it ain't broke, it doesn't have enough
features ... yet." -- Scott Adams
----
http://www.bell-bird.com.au

----

Hi Luke & Neuromancer,

Usually "timed" is UDP not TCP. -> "man timed"

would be helpful to see the log line here. Maybe you see there PROTO=17 ?

Quote:> Russ,
> the following is my rule for just that purpose ...
> # TIME client requests. (Port 37)
> ipchains -A output -i ppp0 -p tcp  -s $PPP_IP $HI -d $TS_1 37  -j ACCEPT

> It is basically exactly the same as yours ... Mine works fine ... so
> there must be another reason.  Where in your script are you putting the
> rule ... position *is* important.

Do the counters rise for that rule ? -> ipchains -L -v

Bye, Jens

--
Jens Hektor, RWTH Aachen, Rechenzentrum, Seffenter Weg 23, 52074 Aachen
Computing Center Technical University Aachen, firewalls/network security

Private: Rochusstr. 26, D52062 Aachen, Fon: +49 241 29888, Fax: % 29889

Good point ... if it were relevant,but Neuromancer asked about rdate NOT
timed

%man rdate
SYNOPSIS
       rdate [-p] [-s] [host...]

DESCRIPTION
       Rdate  uses  TCP  to  retrieve the current time of another
       machine using using the protocol  described  in  RFC  868.
       The  time  for each system is returned in ctime(3) format.

--------------------------------------------^^^^^

--
Regards
Luke
PLEASE NOTE: Spamgard (tm) installed.
----
"Normal people ... believe that if it ain't broke, don't fix it.
Engineers believe that if it ain't broke, it doesn't have enough
features ... yet." -- Scott Adams
----
http://www.bell-bird.com.au

----

[snip]

Quote:> Where in your script are you putting the
> rule ... position *is* important.

In a response the other day I believe I may
have implied that location of a rule in a
script did not matter...  That was not my
intent. Position *is* important.  Thanks
Luke for such a polite correction.

-m-

--

Stunning Photo of Bitterroot Burning: http://www.urbanna.net/bitterroot.jpg

Urrgh. Being able to read gives a clear advantage. Sorry.

Jens

--
Jens Hektor, RWTH Aachen, Rechenzentrum, Seffenter Weg 23, 52074 Aachen
Computing Center Technical University Aachen, firewalls/network security

Private: Rochusstr. 26, D52062 Aachen, Fon: +49 241 29888, Fax: % 29889

USe: "ipchains -nvL --line" to get list output of the rules.

What does rule #46 say?

--
Regards
Luke
PLEASE NOTE: Spamgard (tm) installed.
----
"Normal people ... believe that if it ain't broke, don't fix it.
Engineers believe that if it ain't broke, it doesn't have enough
features ... yet." -- Scott Adams
----
http://www.bell-bird.com.au

----

That, Sir, _is_ one of your sweeper rules, indicating that your rdate
rule is not working for some reason.

1.      check your syntax for case and accuracy on the $TIME_SERVER variable
etc.
2.      check the ip addr of the time server to ensure it is correct.
3.      try a broader rule like:

ipchains -A output -i ppp0 -p tcp  -s $IPADDR $UNPRIVPORTS --dport 37
-j ACCEPT

This will accept output to any host with a dest port of 37. (wouldn't
hurt to log it and compare the ip address of the time server to see if
it is the same as where you were trying to connect originally.)

if this works then try the original rule you had with the confirmed ip
address.

That should get you going!

--
Regards
Luke
PLEASE NOTE: Spamgard (tm) installed.
----
"Normal people ... believe that if it ain't broke, don't fix it.
Engineers believe that if it ain't broke, it doesn't have enough
features ... yet." -- Scott Adams
----
http://www.bell-bird.com.au

----

Glad to be of assistance       ;8]

--
Regards
Luke
PLEASE NOTE: Spamgard (tm) installed.
----
"Normal people ... believe that if it ain't broke, don't fix it.
Engineers believe that if it ain't broke, it doesn't have enough
features ... yet." -- Scott Adams
----
http://www.bell-bird.com.au

----

I dont think it was in this thread Michael, in fact I dont recall seeing
such a response,but I'll accept any praise thats forthcoming :8]

 ... lord knows our bosses rarely praise the work we do.

--
Regards
Luke
PLEASE NOTE: Spamgard (tm) installed.
----
"Normal people ... believe that if it ain't broke, don't fix it.
Engineers believe that if it ain't broke, it doesn't have enough
features ... yet." -- Scott Adams
----
http://www.bell-bird.com.au

----