Wednesday, March 9, 2011

Add NTP to the router/gateway

This post is obsolete and has been superseded


NTP is useful to set the time of LAN devices. In addition, the 'adjtimex' package updates the hardware clock. (Slightly out-of-date instructions)

  1. Install NTP with the following command:
    apt-get install ntp adjtimex
  2. Edit the /etc/ntp.conf file to broadcast time to the LAN:
    ## Around Line 48
    # If you want to provide time to your local subnet, change the next line.
    # (Again, the address is an example only.)
    #broadcast 192.168.123.255
    broadcast 192.168.1.0
  3. Edit /etc/hosts.allow and /etc/hosts.deny to limit access to ntpd. Edit /etc/hosts.allow to look more like this:
    sshd:              192.168.1.0/26
    debtorrent-client: 192.168.1.0/26
    ntpd:              192.168.1.0/26
    ALL:               192.168.1.0/26
    # /26 creates the range .1.0 - .1.62
    
    And edit /etc/hosts.deny to look more like this:
    sshd:              ALL
    debtorrent-client: ALL
    ntpd:              ALL
    ALL:               ALL
    
  4. xinted and dnsmasq do not interact with ntpd, and no changes are required.
  5. Firewall rules to open those two listening ports. Edit the file /etc/network/if-up.d/00-firewall to add the following rules:
    # ALLOW INCOMING OPEN PORTS TO THE SERVER FROM OUTSIDE HERE
    #
    # Allow incoming debtorrent requests on TCP ports 9899-9990
    iptables -A INPUT -p tcp --dport 9899 -j ACCEPT
    iptables -A INPUT -p tcp --dport 9900 -j ACCEPT
    #
    # Allow NTP syncs on UDP port 123
    iptables -A INPUT -p udp --dport 123 -j ACCEPT 
    iptables -A OUTPUT -p udp --sport 123 -j ACCEPT
    #
    #
    
  6. Restart ntpd with these commands:
    sh /etc/network/if-up.d/00-firewall  # Reload the firewall
    service ntpd restart                 # Reload /etc/ntp.conf
    

No comments:

Post a Comment