On Tue, Dec 4, 2012 at 2:29 PM, Rajagopal Swaminathan wrote:
Please treat this post with kid gloves as I am a bit rusty of late on
CentOS and the last NTP server that I worked on was during CentOS 5.1 days.
I am going to have to install CentOS 6.3 in the coming week in all windows
This box will be running glpi and ocs-inventory.
I am planning to have two NICs: one facing the raw internet and other on a
It's not necessary to have two NICs unless you're setting it up as your
firewall. Do as you see fit.
I want this box (as NTP Client) to get time through NTP from raw internet
Take a look at /etc/ntp.conf ... it has comments that document it well.
Add time sources (servers) to your ntp.conf. I've read recommendations
to have at least eight time sources, but definitely have three (CentOS
defaults to three).
It's generally recommended to select servers from the public NTP pool.
Consider adding restrictions to go along with each time source to
I want this box to be the primary NTP server for the private LAN.
If you're using DHCP to assign addresses then you can set the ntp server
option. Since you have a group of servers I find it unlikely you're using
DHCP. You'll probably have to use Group Policy or any other method to set
the time server on your Windows boxes.
None of the packets should pass from LAN to Internet or vice versa.
IOW, no routing should be there.
If it works, perhaps at a future date, maybe an instance of squid proxy.
I don't mind all the ports being open for the Private LAN or is that a bad
It's best practice to implement firewall rules that only open up what needs
to be accessible.
Certainly add an iptables rule for UDP port 123 that allows your LAN
I am not sure if there is a DNS in this whole scenario
I strongly suggest you refer to your internal NTP server by its domain
name. This will make it easy to point clients at a different physical host
by updating a DNS record.
And yes all the windows boxens (few w2k3, XP) in the LAN would have to
synchronise time with this centos bo
Is it possible?
If so, how would typical config files for eth0, eth2, firewall(s) look
So it seems...
Are you making this box into a firewall / NAT host?
// SilverTip257 //
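
The setup discussed in this thread, sketched as configuration excerpts. This is an added example, not taken from either poster; the LAN subnet 192.168.1.0/24 and eth2 as the LAN-facing interface are assumptions to adjust.

```conf
# --- /etc/ntp.conf (excerpt) ---
# Deny by default: no remote queries, config changes, traps or peering.
# This line also applies to the upstream time sources.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Full access from the local host only.
restrict 127.0.0.1
restrict -6 ::1
# LAN clients may get time but not modify or query ntpd (assumed subnet).
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap noquery
# Upstream time sources from the public NTP pool (three, as in the thread).
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org

# --- /etc/sysctl.conf (excerpt) ---
# No routing between the Internet-facing NIC and the LAN NIC.
net.ipv4.ip_forward = 0

# --- /etc/sysconfig/iptables (excerpt) ---
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to this host's own traffic, including its NTP queries to the pool.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# NTP service: UDP 123, only from the LAN subnet on the LAN interface (assumed).
-A INPUT -i eth2 -s 192.168.1.0/24 -p udp --dport 123 -j ACCEPT
# Everything else inbound is rejected; nothing is forwarded.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
```

The excerpt omits management access such as SSH; add a rule for it above the REJECT line before loading the ruleset on a remote host. After restarting ntpd, `ntpq -p` run on the server itself shows whether the pool sources are reachable.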