[ntp:questions] Re: Configuring a server and clients behind a firewall

Ronan Flood ronan at noc.ulcc.ac.uk
Wed Feb 2 16:31:44 UTC 2005


I wrote:

> > >>  "noserve" blocks time packets and puts you back in the position of
> > >>  needing to know the IP addresses of your remote time servers.
> > >
> > >  It blocks clients requesting time from your server, not time responses
> > >  to your server from its upstreams, surely?

*sigh* Looks like I'm wrong here ...  Possibly it worked that way in 4.1,
but in 4.2 (and 4.0) it appears to behave as Steve says.


> Sure, I simply disagreed with Steve Kostecke's comment:
> 
>   If you do want to use restrictions you will not be able to
>   use server host names that resolve to multiple IP addresses (e.g.
>   *.pool.ntp.org).
> 
> I think it is not necessary to run one's own ntpd as an open server
> just to use the pool servers.

It seems that with 4.2, it *is* necessary.
Was this another semantic shift, like notrust?

*red face* Apologies all round; at least I've learned something.

-- 
                      Ronan Flood <R.Flood at noc.ulcc.ac.uk>
                        working for but not speaking for
             Network Services, University of London Computer Centre
     (which means: don't bother ULCC if I've said something you don't like)



More information about the questions mailing list