On Mon, 2004-01-19 at 12:08, John Ackermann N8UR wrote:
> --On Monday, January 19, 2004 12:01:59 +1100 Donovan Baarda 
> <[EMAIL PROTECTED]> wrote:
> 
> > Another possibility is to use NAT to re-map the response on the way
> > out... once again, if anyone gets this working, please post how you did
> > it.
> 
> I don't know if this is quite what you're looking for, but I had no trouble 
> using Linux "ipmasqadm portfwd" to open port 123 for tcp and udp on my 
> firewall.  I'm going from a public IP address to a private namespace and 
> that seems to work (or at least, my friend testing on the outside is able 
> to get time from me).

For those not using ipmasqadm, the following iptables rule, run somewhere
appropriate during startup on the machine running ntpd, should do the
trick:

$ iptables -t nat -A POSTROUTING -p udp -s <eth-ip> --sport ntp \
-j SNAT --to-source <alias-ip>

This will only SNAT the outgoing ntp udp packets from the <eth-ip>
address so they are changed to come from the <alias-ip> address.

-- 
Donovan Baarda <[EMAIL PROTECTED]>
http://minkirri.apana.org.au/~abo/
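
An added example, not part of the original message: a startup-script fragment that installs the SNAT rule above only when an identical rule is not already in the nat table, so repeated runs at boot or on restart do not stack duplicates. The function names, the `IPTABLES` override variable and the argument validation are assumptions made for this sketch; the addresses are supplied by the caller.

```shell
#!/bin/sh
# Added example: idempotent install of the NTP SNAT rule from this message.
# Function names and the IPTABLES override are assumptions of this sketch.
IPTABLES="${IPTABLES:-iptables}"   # overridable, e.g. with a logging wrapper

# Accept only dotted-quad IPv4 so a malformed argument never reaches iptables.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split into octets (digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ensure_ntp_snat <eth-ip> <alias-ip>
# Prints "present" if the rule already exists, "added" after appending it.
ensure_ntp_snat() {
    eth_ip=$1
    alias_ip=$2
    is_ipv4 "$eth_ip" && is_ipv4 "$alias_ip" || {
        echo "usage: ensure_ntp_snat <eth-ip> <alias-ip>" >&2
        return 2
    }
    # Same match as the rule in the message; 123 is the ntp service port.
    set -- -p udp -s "$eth_ip" --sport 123 -j SNAT --to-source "$alias_ip"
    # -C exits 0 when an identical rule is already in the chain.
    if "$IPTABLES" -t nat -C POSTROUTING "$@" 2>/dev/null; then
        echo present
    else
        "$IPTABLES" -t nat -A POSTROUTING "$@" && echo added
    fi
}

# When run as a script (as root) with two arguments, apply the rule.
if [ "$#" -eq 2 ]; then
    ensure_ntp_snat "$1" "$2"
fi
```

Afterwards, `iptables -t nat -S POSTROUTING` lists the chain so you can confirm the rule appears exactly once.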

