I've been investigating it, and here's what I've come up with:
1. The firewall is set up to allow traffic from the LAN to the firewall on the NTP port (123)
[20:59:46] root@accalia:/etc/shorewall # shorewall show | grep 123
30 2280 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123
2. My /etc/hosts.allow is configured
sshd sshd1 sshd2 : ALL : ALLOW
ntp : ALL : ALLOW
I was using "10.0.0.0/255.255.255.240" first, but I changed it to ALL to make sure.
3. OpenNTPd is configured properly:
listen on 10.0.0.1
servers pool.ntp.org
4. OpenNTPd is running and actually listening for connections!
[21:05:58] root@accalia:/etc/shorewall # netstat -l | grep ntp
udp 0 0 accalia.begaaid.be:ntp *:*
So everything should be OK, right? WRONG! When I try to sync the clock of one of the systems on the LAN I get an error:
[21:17:43] root@venetia:/ $ ntpdate accalia.begaaid.be
26 May 21:17:44 ntpdate[27366]: no server suitable for synchronization found
And when I port probe the server, nmap tells me port 123 is closed.
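
A UDP check of what the server on port 123 actually answers, as an added example that is not part of the original post: it sends one NTP client request and applies the reply sanity checks listed in RFC 4330 (mode, leap indicator, stratum, transmit timestamp). The function names and the two sample replies are constructed for illustration.

```python
import socket
import struct

def build_request():
    # First byte: LI=0, VN=4, Mode=3 (client); the other 47 bytes stay zero.
    return bytes([(0 << 6) | (4 << 3) | 3]) + bytes(47)

def parse_reply(data):
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    first, stratum = data[0], data[1]
    tx_secs, tx_frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return {"leap": first >> 6, "version": (first >> 3) & 7, "mode": first & 7,
            "stratum": stratum, "tx_nonzero": bool(tx_secs or tx_frac)}

def rejection_reasons(hdr):
    # RFC 4330 client-side checks; an empty list means the reply is usable.
    reasons = []
    if hdr["mode"] != 4:
        reasons.append("mode is not 4 (server)")
    if hdr["leap"] == 3:
        reasons.append("leap indicator 3: server clock not synchronized")
    if not 1 <= hdr["stratum"] <= 15:
        reasons.append("stratum %d outside 1..15" % hdr["stratum"])
    if not hdr["tx_nonzero"]:
        reasons.append("transmit timestamp is zero")
    return reasons

def probe(host, timeout=3.0):
    # Returns the parsed header, or None when nothing comes back over UDP.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(), (host, 123))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return None
    return parse_reply(data)

def sample_reply(leap, stratum, tx=0xE0000000):
    # Constructed 48-byte server reply used to exercise the checks offline.
    return bytes([(leap << 6) | (4 << 3) | 4, stratum]) + bytes(38) + struct.pack("!II", tx, 0)

UNSYNCED = sample_reply(3, 0)   # constructed: server that has not synced yet
SYNCED = sample_reply(0, 2)     # constructed: healthy stratum-2 server

if __name__ == "__main__":
    for name, pkt in (("unsynced", UNSYNCED), ("synced", SYNCED)):
        print(name, rejection_reasons(parse_reply(pkt)))
```

Calling `probe("accalia.begaaid.be")` from a LAN client separates the two failure cases: `None` means no UDP reply arrived at all, while a parsed header with a non-empty `rejection_reasons` list means the daemon answered but the reply is not usable for synchronization.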