[chrony-users] chronyc command for local chronyd and firewalld seem to interfere

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]


I'm having trouble getting chronyc to talk to chronyd locally once I enable firewalld. I'm not sure if this qualifies as a chrony or firewall issue (or operator error....) but I'm trying here first:

My chrony.conf is set up to allow commands from localhost only:

stratumweight 0
driftfile /var/lib/chrony/drift
makestep 10 3
bindcmdaddress ::1
keyfile /etc/chrony.keys
commandkey 1
logdir /var/log/chrony
server some.ntp.server
allow 192.168/16

When I enabled firewalld (in Fedora 20), configured like this:

drop (default, active)
  interfaces: em1
  services: http ntp smtp ssh
  masquerade: yes
  rich rules:

chronyc gives me this error on the sources command:

506 Cannot talk to daemon

for the locally running chronyd. This happens only when masquerading is "yes", when I disable masquerading the sources command runs fine..

In what way should I set up things to get chronyc to be able to talk to chronyd locally with masquerading "on" for my NIC(em1), I don't understand how/why the masquerading on em1 to interfere with the localhost UDP 323 traffic.

Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/