[ntp:questions] How to configure ntp client to connect to localhost?

David Woolley david at ex.djwhome.demon.co.uk.invalid
Tue Jul 3 19:50:26 UTC 2007


In article <4689922A.7040708 at tce.com>, ogler at tce.com (Ron Ogle) wrote:

> My situation is that I use SSH for all of my communications to external
> servers.  I need my clients to tunnel their NTP requests over this tunnel.

Tunnelling over TCP is likely to quite seriously degrade the delay and
symmetry of the delay.  If your only alternative is to tunnel like, this,
use a local radio clock as your primary NTP reference.  (Look up Nagle
Algorith for one of the reasons why you may get significant delays if there
is any contention for the tunnel, even in the absence of retransmissions.)

> I can setup a TCP or UDP tunnel on local port 123 that is actually a
> remote connection to another server's NTP service.

Port 123 is already taken by ntpd itself.

> I do this as a security measure.  It allows me to allow only outgoing
> connections from a firewall perspective.

ntpd uses UDP, which is connectionless.  However, a good stateful firewall
will temporarily open the firewall for any return traffic.




More information about the questions mailing list