[ntp:questions] Port forwarding NTP?

Hal Murray hal-usenet at ip-64-139-1-69.sjc.megapath.net
Sun Nov 2 03:12:59 UTC 2008

In article <490CF166.8020805 at febo.com>,
 jra at febo.com (John Ackermann N8UR) writes:
>I am trying to configure my masquerading (NAT) firewall to allow the
>outside world to see one of my internal servers.  (The firewall is a
>Linux system running fairly ancient "Linux Router Project" code).
>I've set up what should be the correct rules to forward both port 123
>UDP and port 123 TCP to the internal server:
>ipchains -A bad-if --dport 123 -p tcp -j ACCEPT
>ipchains -A bad-if --dport 123 -p udp -j ACCEPT
>ipmasqadm portfw -a -P tcp -L $PUBLIC_IP 123 -R $CESIUM 123
>ipmasqadm portfw -a -P udp -L $PUBLIC_IP 123 -R $CESIUM 123
>>From an external server, I can use "ntpq -p <mybox>" and I get the
>billboard in response.  So I think the TCP forwarding works.  But
>attempting to sync to the internal server yields reachability of 0,
>which leads me to think something is wrong with the UDP forwarding.
>The ntp.conf files on both ends are very simple and don't contain any
>restrict or authentication statements.
>Has anyone tried anything like this?  Any ideas what might be wrong?

My ntp works behind a NAT box.  I'm using the NAT in the modem
so I can't help with your setup details.

I don't think the TCP port is used for anything.  There is
nothing listening on TCP port 123 on my system.

The autokey stuff won't work.

Do you have the restrict stuff setup right?  (both ends)

These are my opinions, not necessarily my employer's.  I hate spam.

More information about the questions mailing list