[ntp:questions] Is it possible to run ntpd server behind a firewall?
Svein Skogen
svein at d80.iso100.no
Thu Oct 18 10:02:06 UTC 2007
Shaochun Wang wrote:
> The stupid net administrator of my institute blocked all UDP datagram
> in the firewall. I know that NTP uses UDP to do its work, but is it
> possible to let ntpd use TCP?
>
The only "trick" around this is to use a TCP-based VPN tunnel to a
point outside the firewall, and forward your queries through this.
However, a "solution" like this will add a VARIABLE latency on your
packets, giving you (in reality) a worse clock than using the internal
CMOS one. I would suggest talking to the net-admin (who is actually
doing everything correctly, f.y.i.) about setting up a network-wide ntp
server with openings in the firewall (probably a good idea to run this
in the DMZ area, not on the internal net), or get a clock-sync device
like a GPS or Atomic Clock receiver, and sync through that.
Regards,
--
Svein Skogen | Mobile Phone: +47 907 03 575
Solberg Østli 9 | svein at d80.iso100.no
2020 Skedsmokorset | PGP Key: 0xE5E76831
Norway | RIPE handle: SS16503-RIPE
------------------------+-----------------------------
msn messenger: | Facebook id: 638406636
svein at d80.iso100.no |
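
The variable-latency point in the reply above, worked through with the standard NTP on-wire offset calculation (RFC 5905), as an added example that is not part of the original post. The client assumes the outbound and return paths take equal time, so any difference between them shows up in the offset estimate as half that difference. The delay figures and the 250 ms true offset are constructed sample values, and the function names are hypothetical.

```python
# Added example: NTP on-wire offset/delay arithmetic with constructed delays.

def ntp_sample(true_offset, d_out, d_back, t1=1000.0, server_proc=0.0001):
    """Simulate one client/server exchange; all times in seconds.

    true_offset: server clock minus client clock.
    d_out / d_back: one-way delay client->server / server->client.
    Returns (estimated_offset, round_trip_delay) as the client computes them.
    """
    t2 = t1 + d_out + true_offset      # server receive time, server clock
    t3 = t2 + server_proc              # server transmit time, server clock
    t4 = t3 - true_offset + d_back     # client receive time, client clock
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def offset_errors(true_offset, paths):
    """Absolute offset error for each (d_out, d_back) pair."""
    return [abs(ntp_sample(true_offset, o, b)[0] - true_offset)
            for o, b in paths]


# Constructed one-way delays in seconds, not measurements.
DIRECT_UDP = [(0.010, 0.010), (0.011, 0.010), (0.010, 0.012), (0.012, 0.011)]
# Tunnel over TCP: a lost segment stalls one direction until retransmission.
TCP_TUNNEL = [(0.015, 0.015), (0.215, 0.016), (0.015, 0.430), (0.120, 0.015)]

TRUE_OFFSET = 0.250  # constructed: client is 250 ms behind the server


def worst_error(paths):
    """Largest per-sample offset error over a set of exchanges."""
    return max(offset_errors(TRUE_OFFSET, paths))


if __name__ == "__main__":
    for name, paths in (("direct UDP", DIRECT_UDP), ("TCP tunnel", TCP_TUNNEL)):
        errs = offset_errors(TRUE_OFFSET, paths)
        print(f"{name:10s} worst error {max(errs) * 1000:7.2f} ms  "
              f"per sample {[round(e * 1000, 2) for e in errs]}")
```

These are raw per-sample errors; ntpd's clock filter favours the lowest-delay samples, which helps only when some exchanges get through the tunnel without a stall.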