From owner-freebsd-stable@FreeBSD.ORG  Tue Jul 24 15:40:17 2007
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4EA6D16A41B
	for <freebsd-stable@freebsd.org>; Tue, 24 Jul 2007 15:40:17 +0000 (UTC)
	(envelope-from hausen@punkt.de)
Received: from kagate.punkt.de (kagate.punkt.de [217.29.33.131])
	by mx1.freebsd.org (Postfix) with ESMTP id 8D69C13C480
	for <freebsd-stable@freebsd.org>; Tue, 24 Jul 2007 15:40:16 +0000 (UTC)
	(envelope-from hausen@punkt.de)
Received: from hugo10.ka.punkt.de (hugo10.ka.punkt.de [10.0.0.110])
	by kagate1.punkt.de with ESMTP id l6OFJ3sW045740
	for <freebsd-stable@freebsd.org>; Tue, 24 Jul 2007 17:19:03 +0200 (CEST)
Received: from hugo10.ka.punkt.de (localhost [127.0.0.1])
	by hugo10.ka.punkt.de (8.12.10/8.12.10) with ESMTP id l6OFJ3ZT098624;
	Tue, 24 Jul 2007 17:19:03 +0200 (CEST)
	(envelope-from ry93@hugo10.ka.punkt.de)
Received: (from ry93@localhost)
	by hugo10.ka.punkt.de (8.12.10/8.12.10/Submit) id l6OFJ3do098623;
	Tue, 24 Jul 2007 17:19:03 +0200 (CEST) (envelope-from ry93)
Date: Tue, 24 Jul 2007 17:19:03 +0200
From: "Patrick M. Hausen" <hausen@punkt.de>
To: Pete French <petefrench@ticketswitch.com>
Message-ID: <20070724151902.GA97341@hugo10.ka.punkt.de>
References: <200707241451.l6OEpq2O014634@lurza.secnetix.de>
	<E1IDLrs-0001U0-Di@dilbert.ticketswitch.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <E1IDLrs-0001U0-Di@dilbert.ticketswitch.com>
User-Agent: Mutt/1.5.15 (2007-04-06)
Cc: freebsd-stable@freebsd.org
Subject: Re: ntpd on a NAT gateway seems to do nothing
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Jul 2007 15:40:17 -0000

Hi, all!

On Tue, Jul 24, 2007 at 04:00:08PM +0100, Pete French wrote:

> Yes, I discovered the UDPness of it last night and went
> through the rules again. I am pretty sure they are correct (or
> at least I cannot see anything wrong). I would assume that ntpdate
> also uses UDP - and using that I can see all these servers ?

I would try and run 

# tcpdump -n -i <NAT interface> host <NTP server>

in a separate window and compare the output when running 
ntpdate vs. starting ntpd.

HTH,

Patrick M. Hausen
Leiter Netzwerke und Sicherheit
-- 
punkt.de GmbH * Vorholzstr. 25 * 76137 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
info@punkt.de       http://www.punkt.de
Gf: Jürgen Egeling      AG Mannheim 108285