Re: allowing news out

Here's how I use ntpdate to set to the National Research Council timeserver
in Ottawa, Canada.

28 2 * * * /usr/sbin/ntpdate -u -s time.nrc.ca

in cron, (using udp request). DNS is round robin balanced between two hosts,
see below.

In /etc/ipf.conf:

pass out quick on ex0 proto udp from your.ip.goes.here to 132.246.168.164
port = 123
pass out quick on ex0 proto udp from your.ip.goes.here to 132.246.168.148
port = 123
pass in quick on ex0 proto udp from 132.246.168.164 to your.ip.goes.here
port > 1023
pass in quick on ex0 proto udp from 132.246.168.148 to 24.215.16.38 port >
1023

--Stef
stef@caunter.ca

----- Original Message -----
From: "dave" <dmehler@davemehler.com>
To: <ipfilter@cairo.anu.edu.au>
Sent: Sunday, July 06, 2003 4:51 PM
Subject: allowing news out


> Hello,
> I've got an ipfilter firewall that i'm tightening down. I'm allowing
out
> only specific services, right now the one i'd like to let out is news,
port
> 119 i believe, ntp is another one, port 123 i think.
> For news i've got internal clients using outlook express to connect to
> my isp's nntp server, but the firewall isn't letting the traffic out or
in,
> it seems as if the source ports change, ntp is the same way. Any
> suggestions?
> Thanks.
> Dave.
>
>