From: Lowell Gilbert
To: Dave
Cc: freebsd-questions@freebsd.org
Date: 15 Nov 2005 12:14:37 -0500
Subject: Re: ntp handling in 6.0

Don't top-post, please.

"Dave" writes:

> Thanks for your reply. My server box does indeed have ntpd running
> I confirmed it with ps -aux and it does have a pf firewall. The rules
> are:
>
> # allow UDP requests to port 123 from firewall to exit ext_if_if
> # in order to contact internet ntp servers
> # (keep state on this connection)
> pass out quick on $ext_if inet proto { tcp, udp} from $ext_if to any port 123 keep state
>
> # allow UDP requests to ports 67, 68, and 123 from
> # in order to perform dhcp and ntp queries on the firewall
> # ( Keep state on this connection)
> pass in quick on $int_if inet proto { tcp,udp } from $int_net to $int_if port { 67, 68, 123 } keep state

There's probably a syntax issue here; I don't use pf, so the fact that
I don't personally see a problem may not mean anything. You could try
debugging it by seeing whether the request packets actually get out of
the firewall, and whether responses come back.

> and ntpdc shows me a prompt.

But does it see any peers?
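
Added example (not part of the original message, and not code from either poster or from the FreeBSD project): a minimal SNTP probe for the check suggested above, whether a request sent to port 123 gets an answer back. The function names, the placeholder address 192.0.2.1 and the constructed sample reply are assumptions made for this illustration.

```python
import socket
import struct

NTP_PORT = 123
NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01

def build_request(version=3):
    """48-byte client request: LI=0, VN=version, Mode=3 (client)."""
    first = (0 << 6) | (version << 3) | 3
    return bytes([first]) + b"\x00" * 47

def parse_reply(data):
    """Return the header fields that show whether a usable server answered."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    first, stratum = data[0], data[1]
    tx_seconds = struct.unpack("!I", data[40:44])[0]  # transmit timestamp
    return {
        "leap": first >> 6,          # 3 = clock not synchronised
        "version": (first >> 3) & 0x7,
        "mode": first & 0x7,         # 4 = server reply
        "stratum": stratum,          # 0 or 16 = no usable time source
        "unix_time": tx_seconds - NTP_EPOCH_OFFSET,
    }

def probe(host, timeout=3.0, port=NTP_PORT):
    """Send one query; None means the request or the answer was dropped."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(), (host, port))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return None
    return parse_reply(data)

# Constructed sample reply (not captured traffic): LI=0, VN=3, Mode=4,
# stratum 2, transmit timestamp 2005-11-15 17:14:37 UTC.
SAMPLE_REPLY = (bytes([0x1C, 2]) + b"\x00" * 38
                + struct.pack("!II", 1132074877 + NTP_EPOCH_OFFSET, 0))

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"  # placeholder
    result = probe(host)
    print("no reply within timeout" if result is None else result)
```

Run from a machine on the internal network against the firewall's internal address, a timeout points at the filter rules or at ntpd not listening, while a reply with stratum 0 or 16 means ntpd answered but has not synchronised to any peer.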