f



Issues with "non-ntpport" and "ntpport"

I am having some problems getting my ntp server to accept ntpdate
requests.

I have several clients behind a gateway/router that need to have their
time updated. I am using NAT to translate their source addresses to just
one address. This is causing some of the clients to make attempts at
communicating with my ntp server via a non-standard port (something other
than 123) as their source port. 

Basically, I see that the connection is in fact being made from the
client's side (with a --sport = 46 and a --dport = 123) but my ntp server
is evidently dropping the packets.

I have tried using this as my restrict rule:

restrict a.b.c.d notrust nomodify notrap non-ntpport 

this:

restrict a.b.c.d notrust nomodify notrap non-ntpport ntpport

and this:

restrict a.b.c.d notrust nomodify notrap ntpport

with no luck whatsoever...

How can I get my ntp server to allow such non-standard communication?

Regards,

Wendell Smith

0
Wendell
6/24/2003 9:30:16 PM
comp.protocols.time.ntp 4895 articles. 2 followers. Post Follow

1 Replies
724 Views

Similar Articles

[PageSpeed] 22

Ok, I have figured it out thanks to a post made by Hal Murray...

I am using ntpdate hourly one each of my servers. Evidently the outgoing
port on the NAT box has issues with multiple connections using the same
outgoing port (duh right?). 

So to remedy this I now use the "-u" switch in my ntpdate executions...

Thanks Hal!

On Tue, 24 Jun 2003 17:30:15 +0000, Wendell Smith wrote:

> I am having some problems getting my ntp server to accept ntpdate
> requests.
> 
> I have several clients behind a gateway/router that need to have their
> time updated. I am using NAT to translate their source addresses to just
> one address. This is causing some of the clients to make attempts at
> communicating with my ntp server via a non-standard port (something other
> than 123) as their source port. 
> 
> Basically, I see that the connection is in fact being made from the
> client's side (with a --sport = 46 and a --dport = 123) but my ntp server
> is evidently dropping the packets.
> 
> I have tried using this as my restrict rule:
> 
> restrict a.b.c.d notrust nomodify notrap non-ntpport 
> 
> this:
> 
> restrict a.b.c.d notrust nomodify notrap non-ntpport ntpport
> 
> and this:
> 
> restrict a.b.c.d notrust nomodify notrap ntpport
> 
> with no luck whatsoever...
> 
> How can I get my ntp server to allow such non-standard communication?
> 
> Regards,
> 
> Wendell Smith


0
Wendell
6/25/2003 2:13:37 PM
Reply: