Hi,
I'm having trouble getting chronyc to talk to chronyd locally once I enable firewalld. I'm not sure if this qualifies as a chrony or firewall issue (or operator error...) but I'm trying here first:
My chrony.conf is set up to allow commands from localhost only:
    stratumweight 0
    driftfile /var/lib/chrony/drift
    makestep 10 3
    bindcmdaddress 127.0.0.1
    bindcmdaddress ::1
    keyfile /etc/chrony.keys
    commandkey 1
    generatecommandkey
    noclientlog
    logdir /var/log/chrony
    server some.ntp.server
    allow 192.168/16
When I enabled firewalld (in Fedora 20), configured like this:
    drop (default, active)
      interfaces: em1
      sources:
      services: http ntp smtp ssh
      ports:
      masquerade: yes
      forward-ports:
      icmp-blocks:
      rich rules:
chronyc gives me this error on the sources command:
    506 Cannot talk to daemon
for the locally running chronyd. This happens only when masquerading is "yes"; when I disable masquerading, the sources command runs fine.
In what way should I set things up to get chronyc to be able to talk to chronyd locally with masquerading "on" for my NIC (em1)? I don't understand how/why the masquerading on em1 would interfere with the localhost UDP 323 traffic.