Date: Tue, 29 Jan 2002 07:57:27 +1300
From: Jonathan Chen
To: devin-freebsdquestions@rintrah.org
Cc: Marco Radzinschi, freebsd-questions@FreeBSD.ORG
Subject: Re: NTP behind NAT box?
Message-ID: <20020129075727.A2307@grimoire.chen.org.nz>

On Mon, Jan 28, 2002 at 07:27:45AM -0500, devin-freebsdquestions@rintrah.org wrote:
> On Tue, Jan 22, 2002 at 08:56:10AM -0500, Marco Radzinschi wrote:
> > Hello:
> >
> > I am running ntpd on a machine behind a router which is taking
> > care of NAT. I have the router forwarding UDP packets on port 123 to said
> > machine, and NTP is working.
> >
> > Now, do I really need to be forwarding UDP/123 to that machine, or will
> > ntpd work without it?
>
> ntpd will make outbound connections to sync the box it is running on with
> whatever ntp server you connect to in the outside world.
>
> in this case you don't need to be forwarding port 123 to it (in fact, that might
> be a bad idea...)

Hmm. I've just played around with this recently, and it looks like
one *does* need to forward port 123. A quick check with "ntpq -p" shows
that if you don't forward the port, all of the servers you try to
sync with are marked as "rejected".

Cheers.
--
Jonathan Chen
------------------------------------------------------------------------
"We laugh in the face of danger, we drop icecubes down the vest of fear"
                                        - Edmond Blackadder III
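
The `ntpq -p` check mentioned in the reply above can be scripted so the same test is repeatable with the UDP/123 forward enabled and disabled; this is an added example, not part of the original message. The sample output and hostnames are constructed, and the ten-column billboard layout (remote through jitter) is assumed.

```python
# Tally character in column 1 of `ntpq -p` -> what ntpd decided about that peer.
TALLY = {" ": "reject", "x": "falseticker", ".": "excess", "-": "outlier",
         "+": "candidate", "#": "selected", "*": "sys.peer", "o": "pps.peer"}

# Constructed sample output; hostnames and addresses are placeholders.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp1.example    .GPS.            1 u   33   64  377   23.112   -0.514   0.231
+ntp2.example    192.0.2.10       2 u   12   64  175   41.870    1.902   1.004
 ntp3.example    .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""


def parse_peers(text):
    """Return one dict per peer line of `ntpq -p` output."""
    peers = []
    for line in text.splitlines():
        # Skip blank lines, the '====' rule and the column header.
        if not line.strip() or line.startswith("=") or line.lstrip().startswith("remote"):
            continue
        tally, fields = line[0], line[1:].split()
        if len(fields) < 10:
            continue  # not a peer line in the assumed layout
        # 'reach' is an 8-bit shift register printed in octal:
        # one bit per poll, set when a reply to that poll arrived.
        reach = int(fields[6], 8)
        peers.append({
            "remote": fields[0],
            "status": TALLY.get(tally, "unknown"),
            "replies": bin(reach).count("1"),    # answered polls out of the last 8
            "last_poll_answered": bool(reach & 1),
        })
    return peers


def unreachable(peers):
    """Peers from which no reply got back through the NAT in the last 8 polls."""
    return [p["remote"] for p in peers if p["replies"] == 0]


if __name__ == "__main__":
    for p in parse_peers(SAMPLE):
        print(f'{p["remote"]:<16}{p["status"]:<12}{p["replies"]}/8 polls answered')
    print("no replies from:", unreachable(parse_peers(SAMPLE)))
```

To run it against a live daemon, pass the captured output of `ntpq -p` to `parse_peers()` in place of `SAMPLE`; a peer that stays at 0/8 after several poll intervals is one whose replies are not reaching ntpd.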