[ntp:questions] Is it possible to run ntpd server behind a firewall?

Svein Skogen svein at d80.iso100.no
Thu Oct 18 10:02:06 UTC 2007

Shaochun Wang wrote:
> The stupid net administrator of my institute blocked all UDP datagrams
> in the firewall. I know that NTP uses UDP to do its work, but is it
> possible to let ntpd use TCP?

The only "trick" around this is to use a TCP-based VPN tunnel to a
point outside the firewall, and forward your queries through this.
However, a "solution" like this will add a VARIABLE latency on your
packets, giving you (in reality) a worse clock than using the internal
CMOS one. I would suggest talking to the net-admin (who is actually
doing everything correctly, f.y.i.) about setting up a network-wide ntp
server with openings in the firewall (probably a good idea to run this
in the DMZ area, not on the internal net), or get a clock-sync device
like a GPS or Atomic Clock receiver, and sync through that.


Svein Skogen		| Mobile Phone:	+47 907 03 575
Solberg Østli 9		| svein at d80.iso100.no
2020 Skedsmokorset	| PGP Key:	0xE5E76831
Norway			| RIPE handle:	SS16503-RIPE
msn messenger: 		| Facebook id:	638406636
svein at d80.iso100.no	|
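
Added example (not part of the original post): the standard NTP on-wire offset calculation, run over a direct UDP path and over a TCP tunnel, to show how variable tunnel latency turns into per-exchange clock error. The delay figures, loss rate and retransmission timeout are constructed assumptions, and ntpd's clock filter is not modelled.

```python
import random
import statistics

def ntp_offset(t1, t2, t3, t4):
    """NTP on-wire offset estimate: ((t2 - t1) + (t3 - t4)) / 2."""
    return ((t2 - t1) + (t3 - t4)) / 2.0

def exchange(true_offset, d_out, d_back, t1=1000.0, server_proc=0.0001):
    """One client/server exchange; returns the offset the client computes.
    The server clock is assumed to read client time + true_offset."""
    t2 = t1 + d_out + true_offset        # server clock when the request arrives
    t3 = t2 + server_proc                # server clock when the reply leaves
    t4 = (t3 - true_offset) + d_back     # client clock when the reply arrives
    return ntp_offset(t1, t2, t3, t4)

def direct_udp_delay(rng):
    # Constructed model: 10 ms one-way path with +/- 0.5 ms jitter.
    return 0.010 + rng.uniform(-0.0005, 0.0005)

def tcp_tunnel_delay(rng, loss=0.05, rto=0.200):
    # Constructed model: same path, but a lost segment stalls the tunnel
    # for one retransmission timeout before the NTP packet is delivered.
    d = direct_udp_delay(rng)
    if rng.random() < loss:
        d += rto
    return d

def offset_errors(delay_fn, true_offset=0.250, n=2000, seed=1):
    """Absolute error of the computed offset over n simulated exchanges."""
    rng = random.Random(seed)
    return [abs(exchange(true_offset, delay_fn(rng), delay_fn(rng)) - true_offset)
            for _ in range(n)]

def summarize(errors):
    return {"mean_ms": statistics.mean(errors) * 1000,
            "max_ms": max(errors) * 1000}

if __name__ == "__main__":
    # The computed offset is wrong by (d_out - d_back) / 2, so only the
    # asymmetry between the two directions matters, not the total delay.
    for name, fn in (("direct UDP", direct_udp_delay),
                     ("TCP tunnel", tcp_tunnel_delay)):
        s = summarize(offset_errors(fn))
        print(f"{name}: mean error {s['mean_ms']:.3f} ms, "
              f"worst {s['max_ms']:.3f} ms")
```
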
