Red Hat Bugzilla – Bug 72398
firstboot ntp option should be greyed out if high firewall picked in install
Last modified: 2005-10-31 17:00:50 EST
GUI install of (null) personal desktop.
Firewall options in installer left as high. First boot is offering me the
chance to start ntp running. I don't think this will work, will it..?
I think it should be greyed out if UDP traffic is being dropped, if this
I selected High during install, during firstboot I selected to use ntp and
selected terrapin.csc.ncsu.edu for the server, and now it's hung (has been for 9
minutes as I write this). The firstboot is "locked" (switching to a text vt and
then back, the firstboot dialog isn't redrawing). Since I have no shell to do
anything else, I'm going to have to reboot, but ctl-alt-del isn't working on vt1
(is that not configured for init by default on the first boot?). Ack - power
OK, on second try, I left ntp turned off and firstboot ran fine. I could be
mistaken, but isn't ip_conntrack supposed to handle associating UDP as well (it
has for me in the past with things like quake3, also UDP based). I know its
major role is in the ESTABLISHED,RELATED state stuff, but maybe just
modprobe'ing ip_conntrack (I don't see a module specific for UDP) or perhaps
just installing a rule to enable UDP NTP traffic from the selected server
(*before* attempting the actual ntp action :) would suffice?
Actually, that makes more sense - whichever server is selected should have an
iptables rule added on the spot and then a "service iptables save" (or whatever
route) to make that more permanent since in the case where ip_conntrack can't
associate the outgoing ntp request and an incoming response (which I *think* it
can do, but I could be mistaken), this rule will be needed long-term.
Course, if there are config program code paths that can change the ntp server,
they'll need this iptables logic as well, I'd imagine, to remove the old one(s)
and add the new one(s)
At least, this is all AFAICT of course
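
The rule swap proposed in the comment above, as an added example that is not part of the bug report or of the ntp initscript; it only prints the commands instead of running them. The `INPUT` chain and the function names are assumptions, and `iptables -C` requires a newer iptables than the one discussed in this thread.

```shell
#!/bin/sh
# Added example: emit (not run) the iptables commands that move the NTP
# allow rule from an old server to a new one.
# Assumptions: chain name INPUT and all function names are hypothetical.

NTP_CHAIN="${NTP_CHAIN:-INPUT}"   # assumed chain; real installs may differ

# Accept only hostname/IPv4-looking strings, so a value such as
# "-j ACCEPT" can never be read by iptables as an option.
valid_server() {
    case "$1" in
        ""|-*|.*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Rule body: accept only UDP packets coming from the server's port 123.
ntp_rule() {
    printf '%s -p udp -s %s --sport 123 -j ACCEPT' "$NTP_CHAIN" "$1"
}

# ntp_fw_plan OLD NEW: print the commands, one per line.
# OLD may be empty (first-time setup). Nothing is printed when a name is
# invalid, so a bad server name never removes the working rule.
ntp_fw_plan() {
    old="$1"; new="$2"
    valid_server "$new" || { echo "invalid NTP server: $new" >&2; return 1; }
    if [ -n "$old" ] && [ "$old" != "$new" ]; then
        valid_server "$old" || { echo "invalid old server: $old" >&2; return 1; }
        echo "iptables -D $(ntp_rule "$old")"
    fi
    # -C exits non-zero when the rule is absent, so -I adds it only once.
    echo "iptables -C $(ntp_rule "$new") 2>/dev/null || iptables -I $(ntp_rule "$new")"
    echo "service iptables save"
}
```

Calling `ntp_fw_plan "" terrapin.csc.ncsu.edu` prints the add and save commands for a first-time setup; passing the previous server as the first argument also prints the delete for the old rule.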
Forgot to restate that since the later stage of RHN registration worked fine,
there's no issue about "was networking working" - the "hung" state of the NTP
attempt is 99% likely due to the High firewalling selection during the install.
The initscript for ntp4.1.1a-7 will now poke a hole in the firewall to allow NTP
connections to pass through.
QA, please verify.
verified ... this should be closed
Can this be re-opened? I am seeing this with Fedora Core Test 3 and
Fedora Core 1.
I had the default firewall enabled (with SSH opened), and then I tried
to enable clock synchronization in Firstboot. Fedora Core hung for 30
minutes. I had to restart my computer, and not choose that option to