
Re: Help! ntpq: write to localhost failed: Operation not permitted

 
SOLVED
zhaogui
Super Advisor

Help! ntpq: write to localhost failed: Operation not permitted

After I implemented iptables, I cannot run ntpq and got error as shown in the subject.

But I have already opened port 123 for both ntp server and client as below,

iptables -A INPUT -p udp -j ACCEPT -s $ntpserver -d $eth0IP --dport 123
iptables -A OUTPUT -p udp -j ACCEPT -d $ntpserver -s $eth0IP --sport 123

iptables -A INPUT -p udp -j ACCEPT -s 127.0.0.1 -d $eth0IP --dport 123
iptables -A OUTPUT -p udp -j ACCEPT -d 127.0.0.1 -s $eth0IP --sport 123

iptables -A INPUT -p udp -j ACCEPT -s $ntpclient -d $eth0IP --dport 123
iptables -A OUTPUT -p udp -j ACCEPT -d $ntpclient -s $eth0IP --sport 123

Anybody can advise me on which port ntpq will use other than 123?

Thanks in advance,
Balaji N
Honored Contributor

Re: Help! ntpq: write to localhost failed: Operation not permitted

hi
not sure if this helps. but just give a try.


ntp seems to use port 123 only, but it has an entry in /etc/services for both tcp and udp, and your firewall rules are only for udp. Try opening access for tcp as well and see if it helps.
++++++++++++
ntp 123/tcp
ntp 123/udp # Network Time Protocol
++++++++++++
Its Always Important To Know, What People Think Of You. Then, Of Course, You Surprise Them By Giving More.
zhaogui
Super Advisor

Re: Help! ntpq: write to localhost failed: Operation not permitted

I am very sure we only use udp as I can see from below,
#netstat -a|grep ntp
udp 0 0 msmarketp2:ntp *:*
udp 0 0 localhost:ntp *:*
udp 0 0 *:ntp *:*

By the way, xntpd seems to be working fine as shown in /var/log/messages after restart, but only ntpq doesn't work.
Apr 12 10:59:51 msmarketp2 xntpd[30397]: xntpd exiting on signal 15
Apr 12 10:59:51 msmarketp2 xntpd: xntpd shutdown succeeded
Apr 12 10:59:51 msmarketp2 xntpd[11511]: xntpd 3-5.93e Tue Feb 11 12:23:23 SGT 2003 (1)
Apr 12 10:59:51 msmarketp2 xntpd[11511]: tickadj = 5, tick = 10000, tvu_maxslew = 495, est. hz = 100
Apr 12 10:59:51 msmarketp2 xntpd[11511]: precision = 7 usec
Apr 12 10:59:51 msmarketp2 xntpd[11511]: read drift of 189.963 from /etc/driftfile
Apr 12 10:59:51 msmarketp2 xntpd: xntpd startup succeeded
Apr 12 11:04:08 msmarketp2 xntpd[11511]: synchronized to 203.117.180.36, stratum=1

In fact I wrote a script to continuously run ntpq and at the same time I run lsof -p "pid of ntpq" and found out
that ntpq uses one of the following UDP ports
UDP *:51901
UDP *:51903
UDP *:65005
UDP *:65007

Is that correct?
Balaji N
Honored Contributor

Re: Help! ntpq: write to localhost failed: Operation not permitted

hey

sorry. completely forgot how i was configuring ntp long back. i remember it very faintly.

first of all are u sure it is a problem with your firewall? just try stopping it and see if ntpq is running or is it reporting the same problem.

or is that xntpd is running and u r running ntpq which is causing the problem.

simply guessing and giving a shot.
-balaji
Its Always Important To Know, What People Think Of You. Then, Of Course, You Surprise Them By Giving More.
zhaogui
Super Advisor

Re: Help! ntpq: write to localhost failed: Operation not permitted

All the while ntp and ntpq were working fine until I applied the iptables rules. My iptables is shown in the attachment and ntpq will work if I take out the last two "Reject" lines.
Bill Douglass
Esteemed Contributor
Solution

Re: Help! ntpq: write to localhost failed: Operation not permitted

ntpq wants to open a connection to the ntpd daemon running on the local machine, hence the attempt to open a connection to localhost.

Your configuration does not appear to allow connections from 127.0.0.1 to 127.0.0.1, so ntpq dies with the error you indicated. Try adding

iptables -A INPUT -p all -j ACCEPT -s 127.0.0.1 -d 127.0.0.1


This will allow processes on your machine to communicate via the loopback interface.
Sergejs Svitnevs
Honored Contributor

Re: Help! ntpq: write to localhost failed: Operation not permitted

Try adding:
iptables -A OUTPUT -p udp -m state --state NEW -m udp -i lo --sport 123 -o lo --dport 123 -j ACCEPT

Regards,
Sergejs
zhaogui
Super Advisor

Re: Help! ntpq: write to localhost failed: Operation not permitted

It still doesn't work after adding "iptables -A INPUT -p all -j ACCEPT -s 127.0.0.1 -d 127.0.0.1"

By the way, Sergejs's commands got error "Can't use -i with OUTPUT".


I tried to add in one more line "iptables -A OUTPUT -p all -j ACCEPT -s 127.0.0.1 -d 127.0.0.1", now it WORKS!

Thank you Bill Douglass
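
Added example, not part of the thread: a small first-match model of the posted rules, showing why ntpq's loopback query (127.0.0.1 from an ephemeral port to 127.0.0.1:123) is rejected until both the INPUT and OUTPUT loopback rules exist. The addresses are constructed placeholders, and it assumes the two "Reject" lines are catch-all rules at the end of INPUT and OUTPUT.

```python
# Constructed stand-ins for $eth0IP and $ntpserver; 51901 is one of the
# ephemeral ports the poster saw ntpq using.
ETH0, NTPSERVER, LO, EPHEMERAL = "192.0.2.10", "192.0.2.1", "127.0.0.1", 51901
FIELDS = ("proto", "src", "dst", "sport", "dport")

def rule(chain, target, **match):
    """One rule; a field left out matches anything (like omitting the option)."""
    return {"chain": chain, "target": target, **{f: match.get(f) for f in FIELDS}}

def verdict(rules, chain, pkt):
    """First matching rule in the chain decides; default policy is ACCEPT."""
    for r in rules:
        if r["chain"] == chain and all(r[f] in (None, pkt[f]) for f in FIELDS):
            return r["target"]
    return "ACCEPT"

def first_block(rules):
    """Walk ntpq's query and ntpd's reply over loopback: each packet passes
    OUTPUT, then INPUT. Return the first (packet, chain) rejected, or None."""
    query = dict(proto="udp", src=LO, dst=LO, sport=EPHEMERAL, dport=123)
    reply = dict(proto="udp", src=LO, dst=LO, sport=123, dport=EPHEMERAL)
    for name, pkt in (("query", query), ("reply", reply)):
        for chain in ("OUTPUT", "INPUT"):
            if verdict(rules, chain, pkt) != "ACCEPT":
                return (name, chain)
    return None

# Port-123 rules from the question (the ntpclient pair is omitted for brevity).
POSTED = [
    rule("INPUT", "ACCEPT", proto="udp", src=NTPSERVER, dst=ETH0, dport=123),
    rule("OUTPUT", "ACCEPT", proto="udp", dst=NTPSERVER, src=ETH0, sport=123),
    rule("INPUT", "ACCEPT", proto="udp", src=LO, dst=ETH0, dport=123),
    rule("OUTPUT", "ACCEPT", proto="udp", dst=LO, src=ETH0, sport=123),
]
# Assumption: the two "Reject" lines are catch-all rules ending each chain.
REJECTS = [rule("INPUT", "REJECT"), rule("OUTPUT", "REJECT")]
LO_IN = rule("INPUT", "ACCEPT", src=LO, dst=LO)    # rule from the accepted answer
LO_OUT = rule("OUTPUT", "ACCEPT", src=LO, dst=LO)  # rule the poster added last

if __name__ == "__main__":
    # The loopback rules are placed ahead of the catch-all REJECTs.
    print(first_block(POSTED + REJECTS))                    # ('query', 'OUTPUT')
    print(first_block(POSTED + [LO_IN] + REJECTS))          # ('query', 'OUTPUT')
    print(first_block(POSTED + [LO_IN, LO_OUT] + REJECTS))  # None
```

The posted localhost rules never match because they pair 127.0.0.1 with $eth0IP and pin port 123 on the wrong side of ntpq's ephemeral source port.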