[ntp:questions] NTP and D-Link DI524 router firewall

Dirk Claessens No at way.invalid
Thu Jun 21 18:42:01 UTC 2007


Hi group,

I have been using the Wintel NTP-package as made available by Meinberg 
for over a year now, and it has performed flawlessly ... until I 
installed a new NAT router (D-Link DI-524).

It appears that the router firewall only accepts the NTP-reply of the 
*first* server in the list (I have 8 servers listed).

With Ethereal, I can see 8 requests being sent, and only 1 reply coming 
in. The other 7 replies are logged as "unallowed access from 
<server-IP>:123" by the firewall.

I can solve the problem by unchecking the SPI-option in the router 
configuration. (SPI stands for Stateful Packet Inspection, and is 
supposed to further enhance robustness against outside attacks.)

Has anyone else had the same experience? In my opinion, this is 
definitely a bug in the router firmware...

-- 
Dirk.
No trees were killed in the creation of this message;
however, many electrons were terribly inconvenienced.
http://users.pandora.be/dirk.claessens2
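
The check described in the message above (requests leaving the host, replies arriving, and the remaining servers showing up in the router log) can be scripted. This is an added example, not part of the original post. The capture export format, the timestamp prefix on the log lines, and all addresses are assumptions constructed for illustration; only the "unallowed access from <server-IP>:123" wording comes from the post.

```python
import re
from collections import defaultdict

NTP_PORT = 123

# Constructed sample data (documentation addresses, not taken from the post).
# Assumed capture export format: "time src_ip src_port dst_ip dst_port".
CAPTURE = """\
0.000 192.168.0.10 123 192.0.2.1 123
0.001 192.168.0.10 123 192.0.2.2 123
0.002 192.168.0.10 123 192.0.2.3 123
0.003 192.168.0.10 123 192.0.2.4 123
0.031 192.0.2.1 123 192.168.0.10 123
"""
# Log wording follows the post; the timestamp prefix is an assumption.
FIREWALL_LOG = """\
18:40:01 unallowed access from 192.0.2.2:123
18:40:01 unallowed access from 192.0.2.3:123
"""

DROP_RE = re.compile(r"unallowed access from (\d+\.\d+\.\d+\.\d+):(\d+)")

def correlate(capture, fw_log, client_ip):
    """Return {server_ip: status} for every NTP server the client queried."""
    sent, answered = defaultdict(int), defaultdict(int)
    for line in capture.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed rows
        _, src, sport, dst, dport = parts
        if src == client_ip and int(dport) == NTP_PORT:
            sent[dst] += 1          # outbound request
        elif dst == client_ip and int(sport) == NTP_PORT:
            answered[src] += 1      # reply that made it through the router
    dropped = {m.group(1) for m in DROP_RE.finditer(fw_log)
               if int(m.group(2)) == NTP_PORT}
    status = {}
    for server in sent:
        if answered[server]:
            status[server] = "reply received"
        elif server in dropped:
            status[server] = "reply dropped by firewall"
        else:
            status[server] = "no reply seen (server or path issue)"
    return status

if __name__ == "__main__":
    for server, state in correlate(CAPTURE, FIREWALL_LOG, "192.168.0.10").items():
        print(f"{server:15} {state}")
```

Separating "dropped by firewall" from "no reply seen" keeps an unreachable server from being blamed on the router.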




