[ntp:questions] NTP and D-Link DI524 router firewall
No at way.invalid
Thu Jun 21 18:42:01 UTC 2007
I have been using the Wintel NTP-package as made available by Meinberg
for over a year now, and it has performed flawlessly ... until I
installed a new NAT router (D-Link DI-524).

It appears that the router firewall only accepts the NTP-reply of the
*first* server in the list (I have 8 servers listed).
With Ethereal, I can see 8 requests being sent, and only 1 reply coming
in. The other 7 replies are logged as "unallowed access from
<server-IP>:123" by the firewall.

I can solve the problem by unchecking the SPI-option in the router
configuration. (SPI stands for Stateful Packet Inspection, and is
supposed to further enhance robustness against outside attacks.)

Has anyone else had the same experience? In my opinion, this is
definitely a bug in the router firmware...
No trees were killed in the creation of this message;
however, many electrons were terribly inconvenienced.
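
An added illustration, not part of the original post and not the DI-524's firmware logic (which the post does not describe): a toy model of UDP state tracking showing why eight NTP requests sent from the same local port 123 each need their own state entry, and how a hypothetical table that keeps a single peer per local port would reproduce the reported symptom. The class names, the constructed addresses and the omission of NAT translation are assumptions.

```python
# Toy model of UDP state tracking in a stateful packet filter (SPI).
# Not the router's code; all addresses are constructed sample values.
from collections import namedtuple

Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")

CLIENT = "192.168.0.10"                               # constructed LAN host
SERVERS = [f"198.51.100.{i}" for i in range(1, 9)]    # 8 constructed NTP servers


class FullTupleTable:
    """Tracks each outbound UDP flow by its complete 4-tuple."""
    def __init__(self):
        self.flows = set()

    def outbound(self, p):
        self.flows.add((p.src_ip, p.src_port, p.dst_ip, p.dst_port))

    def allows(self, p):
        # A reply is accepted only if it mirrors a recorded request.
        return (p.dst_ip, p.dst_port, p.src_ip, p.src_port) in self.flows


class PerPortTable:
    """Hypothetical flawed table: one remote peer per local (ip, port)."""
    def __init__(self):
        self.flows = {}

    def outbound(self, p):
        # setdefault keeps the first peer; later requests add no state.
        self.flows.setdefault((p.src_ip, p.src_port), (p.dst_ip, p.dst_port))

    def allows(self, p):
        return self.flows.get((p.dst_ip, p.dst_port)) == (p.src_ip, p.src_port)


def dropped_replies(table):
    """Send one request per server from port 123; return servers whose reply is refused."""
    for s in SERVERS:
        table.outbound(Packet(CLIENT, 123, s, 123))
    return [s for s in SERVERS if not table.allows(Packet(s, 123, CLIENT, 123))]


if __name__ == "__main__":
    print("full 4-tuple drops:", dropped_replies(FullTupleTable()))
    for ip in dropped_replies(PerPortTable()):
        print(f"unallowed access from {ip}:123")
```

With full 4-tuple tracking every reply matches its request while unsolicited packets from other hosts are still refused, so correct stateful inspection does not require giving up any of the eight servers.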