------ Re: NTP && IP Filter / NAT
This is a discussion on ------ Re: NTP && IP Filter / NAT within the IPFilter forums, part of the System Security and Security Related category; Matthias Apitz wrote: > El día Wednesday, September 05, 2007 a las 11:30:02PM -0700, Darren Reed escribió: &...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
09-06-2007
|
|||
|
|||
------ Re: NTP && IP Filter / NAT
Matthias Apitz wrote:
> El día Wednesday, September 05, 2007 a las 11:30:02PM -0700, Darren Reed escribió: > > > You can do this: > > > > map em1 from 193.31.10.32/24 to any port = 123 -> xxx.xxx.xxx.xxx/32 udp age 30/1 > > > > to limit make the timeout 30 seconds for a reply and 1 second after the > > reply > > has been recieved. > > Hello Darren, > > Sorry to have overlooked the 'age' parameter in the man page, I was > doing 'man -S5 ipnat | col -b | fgrep time'; but it gives now an error > and the line 37 is exactly cut&pasted from your hint and changed > xxx.xxx.xxx.xxx to the real IP of the NIC): > > # ipnat -CF -f /etc/ipnat.rules > 0 entries flushed from NAT table > 3 entries flushed from NAT list > syntax error error at "age", line 37 > Correct syntax for input: map em1 from 193.31.10.32/24 to any port = 123 -> 1.1.1.1/32 age 30/1 udp ..it should allow the other as well, as that's what comes out of "ipant -l". Sorry about that. Darren 
|
Linear Mode
