[ntp:questions] Re: A theoretical question

Roy roy at suespammers.org
Tue Nov 11 04:30:05 UTC 2003

Denis Zaitsev wrote in message news:<871xsfg8ek.fsf at natasha.ward.six>...
> >>>>> "r" == roy  writes:
>     r> I personally choose a fourth option.  It is option C except my
>     r> NTP server is a different system than the firewall / router
>     r> where my LAN connects to the internet.  This provides an
>     r> additional protective layer between the NTP server and the
>     r> internet.  It also isolates the NTP server from IP address
>     r> changes.
> Thanks for the reply.  BTW, the couple of other questions are
> initiated:
> a) why do you think that the machine on the LAN besides a
>    firewall is protected more than the machine under firewall itself
>    (to be more precise, a service running on the machine with the
>    firewall)?

A separate firewall probably does not provide better security
(presuming equally effective firewall software).  Actually I'm running
firewall software on the NTP server as well.  But I like the idea of
stopping unwelcome traffic as soon as possible.  And in this current
network, the first stop is a firewall / router.

> b) What an address changes do you mean?

I'm talking about changes in the IP address assigned by your ISP.  If
the ntpd daemon sees it's IP address change, I've seen reports that
the external servers often need to be unconfigured and then re-added. 
I never see that, since the internal IP address of my NTP server never
changes.  Of course, the router masks any changes of the external IP
address assigned by the ISP.

Have a great time,

The suespammers.org mail server is located in California.  Please do
not send unsolicited bulk e-mail or unsolicited commercial e-mail to
my suespammers.org address or any of my other addresses.  These are my
opinions, not necessarily my employer's.

More information about the questions mailing list