CentOS iptables and ntp
I set up ntp and iptables on my CentOS box (6.4). It looks like iptables is stopping ntp from reaching the server. My /var/log/messages has many entries like this -
Sep 7 11:43:41 solar ntpd[27202]: sendto(194.71.144.71) (fd=22): Operation not permitted
Sep 7 11:44:00 solar ntpd[27202]: sendto(217.115.155.125) (fd=22): Operation not permitted
Sep 7 11:44:44 solar ntpd[27202]: sendto(194.71.144.71) (fd=22): Operation not permitted
Sep 7 11:45:03 solar ntpd[27202]: sendto(217.115.155.125) (fd=22): Operation not permitted
Sep 7 11:45:47 solar ntpd[27202]: sendto(194.71.144.71) (fd=22): Operation not permitted
ntp commands and output -
$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 time.an3k.de    192.53.103.108   2 u   5h  256    0   16.081    3.973   0.000
 pool.ntp.connec 192.36.144.22    2 u   5h  256    0   38.288    2.309   0.000
*ntp0.mediamatic 193.0.0.229      2 u  335 1024  377    9.038    0.684   0.255
$ ntpdate
7 Sep 19:10:21 ntpdate[6607]: no servers can be used, exiting
$ ntpstat
synchronised to NTP server (130.130.91.183) at stratum 3
time correct to within 65 ms
polling server every 1024 s
I read somewhere that using iptables to open the port without specific source/destination IPs is a risk. So which IPs should I use? ntp.conf has just hostnames.
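
A diagnostic for the symptoms above, added here as an example and not part of the original post: it counts the denied sendto() destinations in the log, decodes the reach column of ntpq -p, and prints per-destination egress rules. The function names are hypothetical, and the rules assume the OUTPUT chain is what rejects the packets.

```python
import re
from collections import Counter

# Constructed sample: the ntpd lines quoted in the post.
SAMPLE_LOG = """\
Sep 7 11:43:41 solar ntpd[27202]: sendto(194.71.144.71) (fd=22): Operation not permitted
Sep 7 11:44:00 solar ntpd[27202]: sendto(217.115.155.125) (fd=22): Operation not permitted
Sep 7 11:44:44 solar ntpd[27202]: sendto(194.71.144.71) (fd=22): Operation not permitted
Sep 7 11:45:03 solar ntpd[27202]: sendto(217.115.155.125) (fd=22): Operation not permitted
Sep 7 11:45:47 solar ntpd[27202]: sendto(194.71.144.71) (fd=22): Operation not permitted
"""

# Constructed sample: the ntpq -p rows from the post, tally code in column 0.
SAMPLE_NTPQ = """\
 time.an3k.de    192.53.103.108   2 u   5h  256    0   16.081    3.973   0.000
 pool.ntp.connec 192.36.144.22    2 u   5h  256    0   38.288    2.309   0.000
*ntp0.mediamatic 193.0.0.229      2 u  335 1024  377    9.038    0.684   0.255
"""

DENIED = re.compile(
    r"ntpd\[\d+\]: sendto\((\d{1,3}(?:\.\d{1,3}){3})\) \(fd=\d+\): "
    r"Operation not permitted")

def blocked_destinations(log_text):
    """Count EPERM sendto() failures per destination IP."""
    return Counter(m.group(1) for m in DENIED.finditer(log_text))

def peer_reach(ntpq_text):
    """Map peer name -> number of the last 8 polls that got a reply."""
    reach = {}
    for line in ntpq_text.splitlines():
        fields = line[1:].split()          # column 0 is the tally code
        if len(fields) != 10 or fields[0] == "remote":
            continue                       # header, separator, blank line
        # "reach" is an octal 8-bit shift register: 377 = 8 of 8 answered.
        reach[fields[0]] = bin(int(fields[6], 8)).count("1")
    return reach

def candidate_rules(counts):
    """Per-destination egress rules (assumes the OUTPUT chain is rejecting)."""
    return [f"iptables -I OUTPUT -p udp -d {ip} --dport 123 -j ACCEPT"
            for ip in sorted(counts)]

if __name__ == "__main__":
    print(dict(blocked_destinations(SAMPLE_LOG)))
    print(peer_reach(SAMPLE_NTPQ))
    print("\n".join(candidate_rules(blocked_destinations(SAMPLE_LOG))))
```

Pool hostnames resolve to changing addresses, so rules derived from past log lines can go stale.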