how to forward ntp traffic to default gateway instead of vpn tunnel

I have a small Raspberry Pi server connected to an openvpn provider, used as a VPN gateway. Almost everything works fine with the following iptables rules:

iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT

However, the VPN provider blocks NTP traffic (UDP port 123).

How do I make iptables route all NTP traffic via the default gateway (which is 192.168.1.1 on eth0)?
Tags: iptables vpn ntp






edited Jun 4 '16 at 10:58 by cas
asked Jun 4 '16 at 10:29 by Branislav Zlatkovic
  • have you considered running an ntp daemon on 192.168.1.1 and configuring all your LAN clients to use that?
    – cas
    Jun 4 '16 at 10:58

  • Tried that too, however the ntpd tries to access public NTP servers via VPN tunnel, of course without success. Tried to specify a server list in vpn.conf that should be excluded from routing via tunnel. This solution is unstable for me, as these servers might go offline at some point.
    – Branislav Zlatkovic
    Jun 4 '16 at 11:09

  • Does your router have another connection to the internet? If so, why is it routing ntp traffic via the Rpi? Is the Rpi itself your router? I'm trying to understand your network structure...
    – cas
    Jun 4 '16 at 11:31

  • The default internet gateway on the LAN is a dd-wrt router at 192.168.1.1. Rpi is connected to the LAN on eth0, and using the default gateway to connect to the VPN. Rpi is set up as a router to/from the VPN. Some specific devices on the LAN that I want to go online through VPN have Rpi's address as their gateway. Rpi routes all traffic to the VPN by default, so I need only udp port 123 (NTP) to go via 192.168.1.1 instead of to the VPN tun0.
    – Branislav Zlatkovic
    Jun 4 '16 at 11:37

  • ok, so why is your dd-wrt routing ntp packets via the rpi?
    – cas
    Jun 4 '16 at 11:39

















1 Answer
Policy routing to the rescue. At your RPi as root do the following:

# echo 100 direct >> /etc/iproute2/rt_tables
# ip rule add fwmark 123 table direct
# ip route add default via 192.168.1.1 dev eth0 table direct
# iptables -t mangle -A OUTPUT -p udp --dport 123 -j MARK --set-mark 123






answered Jun 4 '16 at 12:26 by Serge
  • Unfortunately this doesn't work either from Rpi or any device that has Rpi as a router. Running tcpdump on eth0 shows this for ntp requests made by Rpi:
    IP 10.125.14.6.56940 > 78.46.37.9.123: NTPv2, Reserved, length 12
    IP 10.125.14.6.56940 > 78.46.37.9.123: NTPv2, Reserved, length 12
    – Branislav Zlatkovic
    Jun 4 '16 at 12:36

  • It should not do this for other devices as you did not mention that RPi should forward ntp traffic for others as well. To allow forwarding you should add the same rule to PREROUTING in a mangle table as well. Also, check that your ntp client is bound to eth0 at RPi.
    – Serge
    Jun 4 '16 at 12:44

  • Adding the same rule to PREROUTING did the trick for others. For the ntpd on Rpi, the following rule did the trick:
    iptables -A POSTROUTING -t nat -o eth0 -p udp --dport 123 -j SNAT --to 192.168.1.2
    One more question, how to make ip rule and ip route persistent?
    – Branislav Zlatkovic
    Jun 4 '16 at 13:36

  • To set routes you have to customize /etc/sysconfig/network-scripts/route-eth0 or whatever way appropriate to your system. The rules are not flushed during interface state transitions as far as I remember, so rc.local or other suitable place would be good.
    – Serge
    Jun 4 '16 at 14:30
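Putting the answer's policy-routing steps together with the two fixes from the comments (the PREROUTING mark for forwarded LAN clients, and the SNAT for the Pi's own queries), the following is an added example, not the answer's or its author's code, of one idempotent script that can be called from rc.local to make the setup persistent. It assumes the values from the thread: gateway 192.168.1.1, Pi at 192.168.1.2 on eth0, routing table "direct" numbered 100, firewall mark 123.

```shell
#!/bin/sh
# Added example, not code from the answer or its author: the answer's policy
# routing steps plus the two additions from the comments (a PREROUTING mark so
# forwarded LAN clients are covered, and SNAT so the Pi's own queries leave
# eth0 with its LAN address instead of the non-LAN source seen in the tcpdump).
# Assumed values, all taken from the thread: gateway 192.168.1.1, Pi address
# 192.168.1.2, LAN interface eth0, table "direct" = 100, firewall mark 123.
GW=${GW:-192.168.1.1}
PI_ADDR=${PI_ADDR:-192.168.1.2}
LAN_IF=${LAN_IF:-eth0}
TABLE_ID=100
TABLE=direct
MARK=123
RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}

# Print the commands that set up the bypass, one per line, without running
# them, so the list can be reviewed before it is applied as root.
ntp_bypass_commands() {
  # Delete before add so a re-run (reboot, tun0 restart) does not stack
  # duplicate policy rules; "ip route replace" is idempotent by itself.
  cat <<EOF
ip rule del fwmark $MARK table $TABLE 2>/dev/null || true
ip rule add fwmark $MARK table $TABLE
ip route replace default via $GW dev $LAN_IF table $TABLE
EOF
  # "iptables -C" exits non-zero when the rule is absent; only then append it.
  # The PREROUTING rule is limited to packets arriving on the LAN interface,
  # narrower than the comment's "same rule" but enough for the LAN clients.
  for spec in \
    "mangle OUTPUT -p udp --dport 123 -j MARK --set-mark $MARK" \
    "mangle PREROUTING -i $LAN_IF -p udp --dport 123 -j MARK --set-mark $MARK" \
    "nat POSTROUTING -o $LAN_IF -p udp --dport 123 -j SNAT --to-source $PI_ADDR"
  do
    table=${spec%% *}
    rest=${spec#* }
    echo "iptables -t $table -C $rest 2>/dev/null || iptables -t $table -A $rest"
  done
}

# Register the table name in rt_tables exactly once (the answer's
# "echo 100 direct >>" appends a duplicate on every run). Returns 0 if present.
ntp_bypass_register_table() {
  pattern="^$TABLE_ID[[:space:]][[:space:]]*$TABLE\$"
  grep -qs "$pattern" "$RT_TABLES" \
    || printf '%s\t%s\n' "$TABLE_ID" "$TABLE" >> "$RT_TABLES"
  grep -qs "$pattern" "$RT_TABLES"
}

# Apply everything (root required). Calling this from rc.local, as the last
# comment suggests, is what makes the ip rule and ip route persistent.
ntp_bypass_apply() {
  ntp_bypass_register_table && ntp_bypass_commands | sh -e
}

case "${1:-show}" in
  apply) ntp_bypass_apply ;;
  *)     ntp_bypass_commands ;;
esac
```

Run it without arguments to review the generated commands; run it as root with `apply` to install them.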
















