NTPD: Operation not permitted

I’m having trouble with the ntpd:

|Time|Process|Message|
|---|---|---|
|21:51:36|ntpdate[2274]: |sendto(81.3.27.46): Operation not permitted|
|21:51:38|ntpdate[2274]: |sendto(81.3.27.46): Operation not permitted|
|21:51:40|ntpdate[2274]: |sendto(81.3.27.46): Operation not permitted|
|21:51:42|ntpdate[2274]: |sendto(81.3.27.46): Operation not permitted|
|21:51:44|ntpdate[2274]: |no server suitable for synchronization found|
|21:52:05|ntpdate[2759]: |step time server 131.188.3.221 offset 3.258060 sec|
|21:52:06|ntpd[2807]: |ntpd 4.2.8p13@1.3847-o Sat Dec 14 09:26:31 UTC 2019 (1): Starting|
|21:52:06|ntpd[2807]: |Command line: /usr/bin/ntpd -Ap /var/run/ntpd.pid|
|21:52:06|ntpd[2809]: |proto: precision = 0.120 usec (-23)|
|21:52:06|ntpd[2809]: |basedate set to 2019-12-02|
|21:52:06|ntpd[2809]: |gps base set to 2019-12-08 (week 2083)|
|21:52:06|ntpd[2809]: |Listen and drop on 0 v6wildcard [::]:123|
|21:52:06|ntpd[2809]: |Listen and drop on 1 v4wildcard 0.0.0.0:123|
|21:52:06|ntpd[2809]: |Listen normally on 2 lo 127.0.0.1:123|
|21:52:06|ntpd[2809]: |Listen normally on 3 red0 192.168.0.100:123|
|21:52:06|ntpd[2809]: |Listen normally on 4 green0 172.24.0.254:123|
|21:52:06|ntpd[2809]: |Listening on routing socket on fd #21 for interface updates|
|21:52:06|ntpd[2809]: |kernel reports TIME_ERROR: 0x41: Clock Unsynchronized|
|21:52:06|ntpd[2809]: |kernel reports TIME_ERROR: 0x41: Clock Unsynchronized|

Outgoing firewall communication is blocked, with just a few ports on a whitelist: ICMP, DNS, HTTP, HTTPS and NTP are allowed, but maybe this service also needs some additional ports?

The problem is that I find a filter log entry that shouldn’t be there:

because the RED / WAN interface is allowed to talk NTP to anywhere:

Since the reason for this problem is also related to outgoing firewall rules, just like in this thread here:


I will search for a solution in the other thread.