[ntp:questions] Firewall requirements for NTP as both client and server

Mike Cook michael.cook at sfr.fr
Sun Dec 28 22:42:15 UTC 2014


> On 28 Dec 2014, at 19:14, David Taylor <david-taylor at blueyonder.co.uk.invalid> wrote:
> 
> 17:46:20.823583 IP 192.168.0.1.ntp > net4501.ntp: NTPv4, Client, length 48
> 17:46:52.838966 IP 192.168.0.1.ntp > net4501.ntp: NTPv4, Client, length 48
> 
> They are 32 seconds approximately apart which is what I would expect. SO does that mean that the firewall has blocked them, or that the NTPns server never responded?  There is no firewall block on 192.168.0.1 making requests and getting responses from servers on or off the LAN.
> 
This looks like your firewall,

>>  add 200 allow udp from any 123 to any

is saying allow port 123 SOURCE packets in from any source, BUT client packets don't come from port 123, but from an unprivileged port:
Here is a log from my internet facing server, also a 4801:

Dec 28 18:23:58 muon kernel: ipfw: 540 Accept UDP 192.3.96.154:32894 192.168.1.4:123 in via sis0

So your rules are not allowing the outside requests to get to NTPns. If you add logging you will see them Denied.

Fixing this is an exercise for the reader.

> I'll investigate NTPns further....
> 
> -- 
> Cheers,
> David
> Web: http://www.satsignal.eu
> 
> _______________________________________________
> questions mailing list
> questions at lists.ntp.org
> http://lists.ntp.org/listinfo/questions

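To make the source-port point concrete, here is an added illustration (not part of the thread, and not ipfw itself): a tiny first-match evaluator for ipfw-style rules, run against packets modelled on the log lines above. It assumes ipfw's default policy of dropping anything no rule matches, and that the server's own address is 192.168.1.4 as in the ipfw log line; the "fixed" rules use ipfw's real `me` keyword but are only one possible answer to the exercise.

```python
import re

# Constructed packets modelled on the page's log lines:
# (proto, src addr, src port, dst addr, dst port)
INBOUND_CLIENT = ("udp", "192.3.96.154", 32894, "192.168.1.4", 123)  # request from unprivileged port
SERVER_REPLY = ("udp", "192.168.1.4", 123, "192.3.96.154", 32894)    # our answer back to that client

# The rule from the thread: only matches packets whose SOURCE port is 123.
WEAK_RULES = ["allow udp from any 123 to any"]
# One way to fix it: match on the DESTINATION port for inbound requests,
# and on our source port for replies ('me' = this host's addresses in ipfw).
FIXED_RULES = ["allow udp from any to me 123", "allow udp from me 123 to any"]

RULE_RE = re.compile(r"(allow|deny) (udp|tcp) from (\S+)(?: (\d+))? to (\S+)(?: (\d+))?$")

def parse_rule(text):
    """Parse the small ipfw subset 'allow|deny proto from A [port] to B [port]'."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported rule: {text}")
    action, proto, src, sport, dst, dport = m.groups()
    return action, proto, src, (int(sport) if sport else None), dst, (int(dport) if dport else None)

def addr_matches(pattern, addr, me):
    if pattern == "any":
        return True
    if pattern == "me":
        return addr in me
    return pattern == addr

def rule_matches(rule, pkt, me):
    action, proto, src, sport, dst, dport = rule
    pproto, psrc, psport, pdst, pdport = pkt
    return (proto == pproto
            and addr_matches(src, psrc, me) and addr_matches(dst, pdst, me)
            and (sport is None or sport == psport)
            and (dport is None or dport == pdport))

def first_match(rules, pkt, me=frozenset({"192.168.1.4"})):
    """Return the action of the first matching rule; 'deny' if none matches (ipfw default)."""
    for text in rules:
        rule = parse_rule(text)
        if rule_matches(rule, pkt, me):
            return rule[0]
    return "deny"

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("fixed", FIXED_RULES)):
        print(name, "inbound client:", first_match(rules, INBOUND_CLIENT),
              "| reply:", first_match(rules, SERVER_REPLY))
```

With the weak rule set the inbound client request is dropped (its source port is 32894, not 123) while the reply would be let through; the fixed set allows both directions.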