[ntp:questions] NTP under a Proxy

Ryan Malayter malayter at gmail.com
Thu Jul 5 14:09:24 UTC 2007


On Jul 2, 3:28 am, elio... at gmail.com (Elio) wrote:
> My company LAN is protected by a Proxy, so I can't access internet directly.
> This is a problem for the NTP connection: I've read the possibility to
> configure a "proxy connection" in order to use NTP server under a proxy
> protected LAN.

Typically proxy servers only handle HTTP traffic, and perhaps SMTP or
a few other user-oriented protocols. This is because your web browser
has been explicitly configured to use the proxy server.

Internet-bound NTP packets, on the other hand, will go directly to the
gateway router on your network segment, rather than the proxy server.
(Of course, in some networks, the gateway router and the proxy server
are the same device, but that doesn't matter much to you).

If that gateway router or a firewall in front of it does not allow NTP
traffic to pass from your machine, you can't use NTP to query internet
time servers.

So, assuming that using NTP is really needed for business purposes,
ask your network security guys to allow NTP outbound from your
workstation. They should do it if you have a reasonable business case.

If they say no, they probably have a good reason. Your routers
probably can serve NTP time to the internal network, or they may have
internal corporate NTP servers. So they will want you use those
instead of having to deal with the NTP traffic of hundreds of client
machines on your WAN link. This is how NTP is designed to work, in a
hierarchical fasion.




More information about the questions mailing list