Port forwarding NTP? - NTP



Thread: Port forwarding NTP?

  1. Port forwarding NTP?

    I am trying to configure my masquerading (NAT) firewall to allow the
    outside world to see one of my internal servers. (The firewall is a
    Linux system running fairly ancient "Linux Router Project" code).

    I've set up what should be the correct rules to forward both port 123
    UDP and port 123 TCP to the internal server:

    ipchains -A bad-if --dport 123 -p tcp -j ACCEPT
    ipchains -A bad-if --dport 123 -p udp -j ACCEPT
    ipmasqadm portfw -a -P tcp -L $PUBLIC_IP 123 -R $CESIUM 123
    ipmasqadm portfw -a -P udp -L $PUBLIC_IP 123 -R $CESIUM 123

    From an external server, I can use "ntpq -p " and I get the
    billboard in response. So I think the TCP forwarding works. But
    attempting to sync to the internal server yields reachability of 0,
    which leads me to think something is wrong with the UDP forwarding.

    The ntp.conf files on both ends are very simple and don't contain any
    restrict or authentication statements.

    Has anyone tried anything like this? Any ideas what might be wrong?

    Thanks,

    John

  2. Re: Port forwarding NTP?

    In article <490CF166.8020805@febo.com>,
    jra@febo.com (John Ackermann N8UR) writes:
    >I am trying to configure my masquerading (NAT) firewall to allow the
    >outside world to see one of my internal servers. (The firewall is a
    >Linux system running fairly ancient "Linux Router Project" code).
    >
    >I've set up what should be the correct rules to forward both port 123
    >UDP and port 123 TCP to the internal server:
    >
    >ipchains -A bad-if --dport 123 -p tcp -j ACCEPT
    >ipchains -A bad-if --dport 123 -p udp -j ACCEPT
    >ipmasqadm portfw -a -P tcp -L $PUBLIC_IP 123 -R $CESIUM 123
    >ipmasqadm portfw -a -P udp -L $PUBLIC_IP 123 -R $CESIUM 123
    >
    >From an external server, I can use "ntpq -p " and I get the
    >billboard in response. So I think the TCP forwarding works. But
    >attempting to sync to the internal server yields reachability of 0,
    >which leads me to think something is wrong with the UDP forwarding.
    >
    >The ntp.conf files on both ends are very simple and don't contain any
    >restrict or authentication statements.
    >
    >Has anyone tried anything like this? Any ideas what might be wrong?


    My ntp works behind a NAT box. I'm using the NAT in the modem
    so I can't help with your setup details.

    I don't think the TCP port is used for anything. There is
    nothing listening on TCP port 123 on my system.

    The autokey stuff won't work.

    Do you have the restrict stuff set up right? (both ends)

    --
    These are my opinions, not necessarily my employer's. I hate spam.
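
One way to test the UDP forward on its own, added here as an example and not taken from either post: it sends a single NTP client (mode 3) request to UDP port 123 and checks whether a valid server (mode 4) reply comes back. The function names, the 3-second timeout and the constructed reply used for the offline self-check are assumptions of this example.

```python
import socket
import struct
import sys
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01

def build_request(version=4):
    """48-byte client (mode 3) packet carrying our clock as transmit timestamp."""
    now = time.time() + NTP_EPOCH_OFFSET
    whole = int(now)
    first = (version << 3) | 3  # LI=0, VN=version, Mode=3
    return struct.pack("!B39xII", first, whole & 0xFFFFFFFF, int((now - whole) * 2**32))

def parse_response(data, request):
    """Classify a reply to `request`; returns (ok, detail)."""
    if len(data) < 48:
        return False, "short packet (%d bytes)" % len(data)
    mode, stratum = data[0] & 0x7, data[1]
    if mode != 4:
        return False, "unexpected mode %d, want 4 (server)" % mode
    # A server echoes our transmit timestamp in its origin field (bytes 24-31).
    if data[24:32] != request[40:48]:
        return False, "origin timestamp does not match our request"
    if stratum == 0:  # unsynchronised server or kiss code in the reference ID
        return False, "stratum 0, refid %s" % data[12:16].decode("ascii", "replace")
    tx_sec = struct.unpack("!I", data[40:44])[0]
    return True, "stratum %d, server time %d" % (stratum, tx_sec - NTP_EPOCH_OFFSET)

def probe(host, port=123, timeout=3.0):
    """Send one query over UDP and report what, if anything, comes back."""
    request = build_request()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(request, (host, port))
        try:
            data, peer = s.recvfrom(512)
        except socket.timeout:
            return False, "no UDP reply within %.0fs" % timeout
    ok, detail = parse_response(data, request)
    return ok, "%s (reply from %s:%d)" % (detail, peer[0], peer[1])

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
    else:  # offline self-check against a constructed stratum-2 reply
        req = build_request()
        fake = bytes([0x24, 2]) + bytes(22) + req[40:48] + bytes(8) + req[40:48]
        print(parse_response(fake, req))
```

Run from the outside host with the firewall's public address as the argument; the reply's source address and port are printed so a response arriving from an unexpected address is visible.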

