ntpd on a NAT gateway seems to do nothing
Andrew Reilly
andrew-freebsd at areilly.bpc-users.org
Wed Jul 25 00:30:44 UTC 2007
On Wed, Jul 25, 2007 at 05:24:25AM +1000, Peter Jeremy wrote:
> On 2007-Jul-24 16:00:08 +0100, Pete French <petefrench at ticketswitch.com> wrote:
> Yes it does. The major difference is that ntpd will use a source
> port of 123 whilst ntpdate will use a dynamic source port.
Is that behaviour that can be defeated? If it uses a fixed
source port, then multiple ntpd clients behind a NAT firewall
will be competing for the same IP quadruple at the NAT box. (Or
does ipnat or pf have the ability to fake different source
addresses?)
(I've had what I think is this problem with a VPN setup, where
only one client behind the NAT firewall could run the VPN client
at a time, because the VPN protocol used a fixed port and UDP.
Maybe my NAT rules need more sophistication? I don't pay all
that much attention to it...)
Cheers,
--
Andrew