ntpd on a NAT gateway seems to do nothing

Mon, 23 Jul 2007 05:50:54 -0700 

Just following the similarly names thread with a bit of interest and I decided
to check my own ntp setup and, to my surprise, discovered I also have a machine
which does nothing. What is more surprising to me is that it has the same
config as a number of other machines, all of which work.

We have a segment of network which is behind a NAT, and there is a BSD box
running 'pf' actiing as the NAT gateway. Running ntpd on the actual
NAT box does not work, but running it on the clients the far side of
the NAT does, or on clients the live side of the NAT. I should probably
exolain that the NAT goes onto another network which is also natted, though
that NAT is out of my control.

The ntp.conf file looks like this on all machines:

        disable auth
        enable ntp
        driftfile /etc/ntp.drift
        server 10.17.19.0
        server 195.40.0.250
        server 158.43.128.33
        server 158.43.128.66
        server 158.43.192.66

The time servers there are for easynet, pipex and an internal machine at
a remote location. ntpdate on the machine can query all the hosts fine,
but ntpdc -p gives:

     remote           local      st poll reach  delay   offset    disp
=======================================================================
=valliere.ns.eas 172.16.1.8      16   64    0 0.00000  0.000000 0.00000
=turpentine.ratt 172.16.1.8       3  128    7 0.01451 -0.007633 1.93823
=ntp2.pipex.net  172.16.1.8      16   64    0 0.00000  0.000000 0.00000
=ntp0.pipex.net  172.16.1.8      16   64    0 0.00000  0.000000 0.00000
=ntp1.pipex.net  172.16.1.8      16   64    0 0.00000  0.000000 0.00000

As you can see, it can only reach the internal machine. On other machines
behind the NAT it looks like this:

     remote           local      st poll reach  delay   offset    disp
=======================================================================
=valliere.ns.eas 10.50.50.2       2  256  377 0.00577 -0.004396 0.01192
=turpentine.ratt 10.50.50.2       3  256  377 0.01534 -0.004566 0.00482
*ntp2.pipex.net  10.50.50.2       2  256  377 0.00635 -0.004052 0.00899
=ntp0.pipex.net  10.50.50.2       2  256  377 0.00729 -0.002443 0.01395
=ntp1.pipex.net  10.50.50.2       2  256  377 0.00768 -0.002426 0.00951

But those connections are flowing through the NAT box oon which ntpd
is not connecting!

Any suggestions ? I assume it has something to do with the NAT, but I am
not sure what. All other TCP connections out from that machine to
external systems work fine, so it is not as if outbound connections from
there are not working at all.

-pcf.
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to