Date:      Wed, 25 Jul 2007 05:24:25 +1000
From:      Peter Jeremy <peterjeremy@optushome.com.au>
To:        Pete French <petefrench@ticketswitch.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: ntpd on a NAT gateway seems to do nothing
Message-ID:  <20070724192425.GV1162@turion.vk2pj.dyndns.org>
In-Reply-To: <E1IDLrs-0001U0-Di@dilbert.ticketswitch.com>
References:  <200707241451.l6OEpq2O014634@lurza.secnetix.de> <E1IDLrs-0001U0-Di@dilbert.ticketswitch.com>

On 2007-Jul-24 16:00:08 +0100, Pete French <petefrench@ticketswitch.com> wrote:
>at least I cannot see anything wrong). I would assume that ntpdate
>also uses UDP - and using that I can see all these servers ?

Yes it does.  The major difference is that ntpd will use a source
port of 123 whilst ntpdate will use a dynamic source port.

Is it possible that your NAT rules are interfering with ntpd using
port 123?  Can you check that ntpd is binding to port 123 (using
lsof or netstat+fstat).  As well as tcpdump'ing the NTP traffic,
you might like to ktrace ntpd and verify that incoming packets
are actually arriving there.

If your NAT box is not busy, you might be able to enable logging on
some relevant rules and see what your firewall is actually doing
with the packets.

-- 
Peter Jeremy
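
Added example, not part of the original message: a shell function that summarises the text output of `tcpdump -n udp port 123` by source port, separating the port-123 traffic the message attributes to ntpd from the dynamic-port traffic it attributes to ntpdate. The function names, the addresses (documentation ranges) and the capture lines are constructed for illustration.

```shell
#!/bin/sh
# ntp_summary LOCAL_IP < tcpdump-text-output
# Counts NTP packets sent from / addressed to LOCAL_IP, split by whether the
# local port is 123 (ntpd) or a dynamic port (ntpdate).
ntp_summary() {
    awk -v ip="$1" '
    # tcpdump -n prints endpoints as a.b.c.d.port (destination ends with ":")
    function addr(s,   n, p) { sub(/:$/, "", s); n = split(s, p, "."); return p[1] "." p[2] "." p[3] "." p[4] }
    function port(s,   n, p) { sub(/:$/, "", s); n = split(s, p, "."); return p[n] }
    $2 == "IP" && $4 == ">" {
        if (addr($3) == ip) {              # packet sent by the local host
            if (port($3) == 123) out123++; else outdyn++
        } else if (addr($5) == ip) {       # packet addressed to the local host
            if (port($5) == 123) in123++; else indyn++
        }
    }
    END {
        # Missing replies to port 123 are consistent with a NAT or firewall
        # rule interfering, but do not prove it; check the rules as well.
        if (out123 == 0)      v = "no-port123-requests"
        else if (in123 == 0)  v = "port123-replies-missing"
        else                  v = "port123-ok"
        printf "out123=%d outdyn=%d in123=%d indyn=%d verdict=%s\n", out123, outdyn, in123, indyn, v
    }'
}

# Constructed capture: two requests from source port 123 get no reply, while
# one request from a dynamic source port is answered.
sample_capture() {
cat <<'EOF'
19:24:25.000001 IP 192.0.2.10.123 > 198.51.100.5.123: NTPv4, Client, length 48
19:24:26.000002 IP 192.0.2.10.123 > 203.0.113.7.123: NTPv4, Client, length 48
19:24:30.000003 IP 192.0.2.10.54321 > 198.51.100.5.123: NTPv4, Client, length 48
19:24:30.040004 IP 198.51.100.5.123 > 192.0.2.10.54321: NTPv4, Server, length 48
EOF
}

sample_capture | ntp_summary 192.0.2.10
```
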




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070724192425.GV1162>