[ntp:questions] Authentication of time servers behind NAT / Firewall

Hal Murray hal-usenet at ip-64-139-1-69.sjc.megapath.net
Thu Mar 1 05:30:50 UTC 2007


In article <1172677173.595394.195670 at s48g2000cws.googlegroups.com>,
 "Vanya" <forrester.rome at gmail.com> writes:
>Wondering what others might have to say about the possibility of
>authenticating a NTP server from behind a NAT/Firewall. We are setting
>up a system of certified email for cities in Italy. The authorities
>want us to show that the servers in the cluster handling the email
>traffic are communicating in an authenticated fashion with the local
>NTP servers (located in Pisa).

Do you really want your mail servers behind a NAT box?  I'd
expect you would want them on a DMZ and that would also solve
your NTP problems.

If all your traffic goes through a single NAT box, then
all your servers get block/black listed when one of your
PCs gets infected or any of a zillion other problems
causes spam/abuse to emit from your NAT box.

Has anybody tried tunneling NTP traffic?


-- 
These are my opinions, not necessarily my employer's.  I hate spam.




More information about the questions mailing list