Tomato Dropping NTP Packets

Discussion in 'Tomato Firmware' started by jbaker6953, Sep 30, 2010.

  1. jbaker6953

    jbaker6953 LI Guru Member

    I have ntpd running on Tomato, but I can't get it to respond to queries because the packets are being dropped (logging shows dropped UDP on port 123). I tried iptables -A INPUT -p udp --dport 123 -j ACCEPT but it's still rejecting them. Any ideas?
     
  2. rhester72

    rhester72 Network Guru Member

    Please do NOT try to run a stratum-anything NTP service on the general Internet. On your LAN, fine, but NOT on the WAN.

    Rodney
     
  3. jbaker6953

    jbaker6953 LI Guru Member

    Except I have other computers separated by the Internet that will use this NTP server. I'm not sure what your objection is, but I don't think it matters as the ntpd configuration doesn't allow just anybody to use the server. Even if it did, too bad for anyone who uses it without understanding what they're doing.
     
  4. rhester72

    rhester72 Network Guru Member

    This is what VPN tunnels are for. If you aren't sure what my objection is, by all means, please read the RFC. Just because you _can_ do things does NOT mean you _should_.

    All that having been said...

    iptables -t nat -I PREROUTING 2 -p udp -d `nvram get wan_ipaddr` --dport 123 -j ACCEPT

    Rodney
     
  5. jbaker6953

    jbaker6953 LI Guru Member

    Thank you for the assist. Interestingly iptables -L doesn't show my rule, and /etc/iptables doesn't show my rule, but when I download "iptables dump" from the debugging section it does show my rule. Where does Tomato store iptables rules? The router is still dropping the packets.
     
  6. rhester72

    rhester72 Network Guru Member

    You need both rules - the one you posted and the one I did.

    Yours will show up in "iptables -t filter -L INPUT -v" (filter is the default table), mine will show up in "iptables -t nat -L PREROUTING -v".

    Rodney
     
  7. jbaker6953

    jbaker6953 LI Guru Member

    Ooops. After a reboot it's not in the iptables.txt anymore.

    Thank you.
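The thread's point that the two rules live in different tables (filter INPUT and nat PREROUTING), and that a plain `iptables -L` lists only the filter table, can be checked against a rule dump. The script below is an added example, not code from any poster: the function names and the sample dump are constructed, and it assumes the dump is in `iptables-save` format.

```shell
#!/bin/sh
# Added example: list every table/chain in an iptables-save style dump
# that holds a UDP rule for a given destination port.

# find_udp_rules PORT: reads the dump on stdin, prints "table chain target".
find_udp_rules() {
    awk -v port="$1" '
        /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter" open a table
        $1 != "-A" { next }                     # skip policies and COMMIT lines
        {
            udp = 0; dport = 0; target = "-"
            for (i = 3; i <= NF; i++) {
                if ($i == "-p" && $(i+1) == "udp") udp = 1
                if ($i == "--dport" && $(i+1) == port) dport = 1
                if ($i == "-j") target = $(i+1)
            }
            if (udp && dport) print table, $2, target
        }'
}

# missing_tables PORT: prints which of nat/filter lack an ACCEPT rule for PORT.
missing_tables() {
    found=$(find_udp_rules "$1" | awk '$3 == "ACCEPT" { print $1 }')
    for t in nat filter; do
        echo "$found" | grep -qx "$t" || echo "$t"
    done
}

# Constructed sample dump; 203.0.113.10 is a documentation address
# standing in for the WAN IP, not a value from the thread.
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10 -p udp -m udp --dport 123 -j ACCEPT
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

sample_dump | find_udp_rules 123
```

On a live router, pipe `iptables-save` into `missing_tables 123` instead of the sample (assuming the firmware ships `iptables-save`); an empty result means both tables carry an ACCEPT rule for the port.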
     