[ntp:questions] Questions about joining pool.ntp.org

Mischanko, Edward T Edward.Mischanko at arcelormittal.com
Fri Sep 2 23:50:40 UTC 2011



Edward T. Mischanko | Maintenance Technician, Electrical
ArcelorMittal Burns Harbor
 
Finishing | 250 W. US Highway 12
Burns Harbor, IN 46304-9745
 
T +1 219 787 3601 | F +1 219 787 4510
www.arcelormittal.com
 
> -----Original Message-----
> From: questions-
> bounces+edward.mischanko=arcelormittal.com at lists.ntp.org
> [mailto:questions-
> bounces+edward.mischanko=arcelormittal.com at lists.ntp.org] On
> Behalf Of A C
> Sent: Tuesday, August 30, 2011 3:25 PM
> To: questions at lists.ntp.org
> Subject: Re: [ntp:questions] Questions about joining
> pool.ntp.org
> 
> On 8/30/2011 11:22, Rob wrote:
> 
> >
> > Also make sure that you have no NAT or connection-tracking
> firewall
> > between your server and the internet.
> >
> > (NAT would actually be acceptable when it is a statically
> configured
> > one-to-one address translation, not one that ends up building
> a session
> > table like a connection-tracking firewall does)
> >
> > Really, it will break your router or firewall when you try to
> go live
> > without make sure this is OK.
> 
> I'd actually like to know more about this.
> 
> Given a router running typical DNAT (perhaps via iptables) would
> it not
> be acceptable to map a single port across the firewall?  Example
> (assuming a single WAN interface on eth0 and ntpd on internal
> 192.168.1.15:
> 
> iptables -t nat -A PREROUTING -p udp -i eth0 --dport 123 -j DNAT
> --to-destination 192.168.1.15
> iptables -A FORWARDING -p udp -i eth0 --dport 123 -j ACCEPT -d
> 192.168.1.5
> 
> My understanding is that this should reliably work since it
> would
> perform a static mapping of a single port onto the server behind
> the
> router.  Connection tracking over UDP and a static mapping
> should also
> be easier because the ports are usually reused.
[Mischanko, Edward T] 
My understanding is that IP addresses in the 192.168.xxx.xxx range are
not routable? 
> _______________________________________________
> questions mailing list
> questions at lists.ntp.org
> http://lists.ntp.org/listinfo/questions



More information about the questions mailing list