I am trying to configure my masquerading (NAT) firewall to allow the
outside world to see one of my internal servers. (The firewall is a
Linux system running fairly ancient "Linux Router Project" code).
I've set up what should be the correct rules to forward both port 123
UDP and port 123 TCP to the internal server:
ipchains -A bad-if --dport 123 -p tcp -j ACCEPT
ipchains -A bad-if --dport 123 -p udp -j ACCEPT
ipmasqadm portfw -a -P tcp -L $PUBLIC_IP 123 -R $CESIUM 123
ipmasqadm portfw -a -P udp -L $PUBLIC_IP 123 -R $CESIUM 123
From an external server, I can use "ntpq -p <mybox>" and I get the
billboard in response. So I think the TCP forwarding works. But
attempting to sync to the internal server yields reachability of 0,
which leads me to think something is wrong with the UDP forwarding.
The ntp.conf files on both ends are very simple and don't contain any
restrict or authentication statements.
Has anyone tried anything like this? Any ideas what might be wrong?
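A direct way to test the forward described above is to send a raw NTP client (mode 3) request to the public address and see whether a server (mode 4) reply comes back. That exercises exactly the UDP/123 path the ipmasqadm rule is meant to carry; note that all of NTP, including the mode 6 control queries ntpq sends, runs over UDP, so an ntpq reply already shows some UDP traffic gets through, but not that a client poll is answered. The script below is an added example, not part of the original post; the hostname argument, the probe timeout and the constructed stratum-2 reply used for the offline check are assumptions, not values from the poster's setup.

```python
#!/usr/bin/env python3
"""Probe an NTP server with a raw mode-3 (client) request over UDP/123.

Added example: checks from outside whether a UDP/123 port-forward delivers
a server (mode 4) reply, independent of ntpq and of ntpd's reachability
register. Run as: python3 ntp_probe.py <public-ip-or-host>
"""
import socket
import struct
import time

NTP_PORT = 123
NTP_PACKET_FMT = "!BBBb11I"    # 48-byte NTP v3/v4 header, big-endian
NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01


def build_client_request(version=3):
    """Return a 48-byte NTP client packet (LI=0, VN=version, mode=3).

    Only the transmit timestamp is filled in; the other fields are zero,
    which is also what ntpdate/sntp send.
    """
    li_vn_mode = (0 << 6) | (version << 3) | 3
    now = time.time() + NTP_EPOCH_OFFSET
    xmit_sec = int(now) & 0xFFFFFFFF
    xmit_frac = int((now - int(now)) * 2**32) & 0xFFFFFFFF
    return struct.pack(NTP_PACKET_FMT, li_vn_mode, 0, 0, 0,
                       0, 0, 0,           # root delay, root dispersion, ref id
                       0, 0, 0, 0, 0, 0,  # reference, originate, receive timestamps
                       xmit_sec, xmit_frac)


def _ntp_to_unix(sec, frac):
    """Convert a 64-bit NTP timestamp (seconds, fraction) to Unix seconds."""
    return sec - NTP_EPOCH_OFFSET + frac / 2**32


def parse_reply(data):
    """Decode the header fields of an NTP packet into a dict."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    f = struct.unpack(NTP_PACKET_FMT, data[:48])
    li_vn_mode = f[0]
    return {
        "leap": li_vn_mode >> 6,
        "version": (li_vn_mode >> 3) & 0x7,
        "mode": li_vn_mode & 0x7,
        "stratum": f[1],
        "poll": f[2],
        "precision": f[3],
        "ref_id": f[6],
        "reference_unix": _ntp_to_unix(f[7], f[8]),
        "receive_unix": _ntp_to_unix(f[11], f[12]),
        "transmit_unix": _ntp_to_unix(f[13], f[14]),
    }


def classify(reply):
    """Turn a parsed reply (or None on timeout) into a one-line verdict."""
    if reply is None:
        return "no reply: the UDP/123 request or its response is not getting through"
    if reply["mode"] != 4:
        return "got mode %d, not a server (mode 4) reply" % reply["mode"]
    if reply["stratum"] == 0 or reply["leap"] == 3:
        return "server reachable but unsynchronised (stratum 0 / leap alarm)"
    return "ok: stratum %d server reply" % reply["stratum"]


def probe(host, port=NTP_PORT, timeout=2.0):
    """Send one client request and return the parsed reply, or None on timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_client_request(), (host, port))
        data, _ = sock.recvfrom(512)
    except socket.timeout:
        return None
    finally:
        sock.close()
    return parse_reply(data)


# Constructed sample of a healthy stratum-2 server reply for offline checking
# (not a real capture): LI=0, VN=3, mode=4; stratum 2; poll 6; precision -20;
# ref id 192.168.1.1; every timestamp = NTP second 3000000000 + 0.5 s,
# which is Unix time 791011200.5.
CONSTRUCTED_REPLY = struct.pack(
    NTP_PACKET_FMT, 0x1C, 2, 6, -20,
    0, 0, 0xC0A80101,
    3000000000, 0x80000000,   # reference
    3000000000, 0x80000000,   # originate
    3000000000, 0x80000000,   # receive
    3000000000, 0x80000000,   # transmit
)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(classify(probe(sys.argv[1])))      # live probe of the given host
    else:
        print(classify(parse_reply(CONSTRUCTED_REPLY)))  # offline self-check
```

If the probe times out against the public address but succeeds when run from inside the LAN against the server directly, the inbound forward or the reverse masquerading of the reply is the problem; if it returns a stratum 0 or leap-alarm reply, the forward is fine and the internal ntpd is simply not yet synchronised, which also shows up as reachability 0 on the polling side.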