[ntp:questions] Authentication of time servers behind NAT / Firewall
hal-usenet at ip-64-139-1-69.sjc.megapath.net
Thu Mar 1 05:30:50 UTC 2007
In article <1172677173.595394.195670 at s48g2000cws.googlegroups.com>,
"Vanya" <forrester.rome at gmail.com> writes:
>Wondering what others might have to say about the possibility of
>authenticating a NTP server from behind a NAT/Firewall. We are setting
>up a system of certified email for cities in Italy. The authorities
>want us to show that the servers in the cluster handling the email
>traffic are communicating in an authenticated fashion with the local
>NTP servers (located in Pisa).
Do you really want your mail servers behind a NAT box? I'd
expect you would want them on a DMZ and that would also solve
your NTP problems.
If all your traffic goes through a single NAT box, then
all your servers get block/black listed when one of your
PCs gets infected or any of a zillion other problems
causes spam/abuse to emit from your NAT box.
Has anybody tried tunneling NTP traffic?
These are my opinions, not necessarily my employer's. I hate spam.
More information about the questions