From: Peter Jeremy
To: Pete French
Cc: freebsd-stable@freebsd.org
Date: Wed, 25 Jul 2007 05:24:25 +1000
Subject: Re: ntpd on a NAT gateway seems to do nothing
Message-ID: <20070724192425.GV1162@turion.vk2pj.dyndns.org>

On 2007-Jul-24 16:00:08 +0100, Pete French wrote:
>at least I cannot see anything wrong). I would assume that ntpdate
>also uses UDP - and using that I can see all these servers ?

Yes it does. The major difference is that ntpd will use a source port
of 123 whilst ntpdate will use a dynamic source port. Is it possible
that your NAT rules are interfering with ntpd using port 123?

Can you check that ntpd is binding to port 123 (using lsof or
netstat+fstat)?

As well as tcpdump'ing the NTP traffic, you might like to ktrace ntpd
and verify that incoming packets are actually arriving there.

If your NAT box is not busy, you might be able to enable logging on
some relevant rules and see what your firewall is actually doing with
the packets.

-- 
Peter Jeremy
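
Added example, not part of the original message: a small Python probe that sends one NTP client request from a chosen UDP source port and reports whether a server reply comes back, so the source-port-123 case the message attributes to ntpd can be compared with the dynamic-port case it attributes to ntpdate across the same NAT rules. The function names and the 192.0.2.1 server address are assumptions (placeholders); binding to port 123 needs root and requires ntpd to be stopped first.

```python
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def build_request(now=None):
    """48-byte NTP client request: LI=0, VN=4, Mode=3, transmit timestamp set."""
    now = time.time() if now is None else now
    secs = int(now) + NTP_EPOCH_OFFSET
    frac = int((now % 1) * 2**32)
    return struct.pack("!B39xII", 0x23, secs & 0xFFFFFFFF, frac)

def parse_reply(data):
    """Return (mode, stratum) for a server reply (mode 4), else None."""
    if len(data) < 48:
        return None
    mode = data[0] & 0x07
    return (mode, data[1]) if mode == 4 else None

def probe(server, src_port, timeout=3.0, dst_port=123):
    """Send one request from src_port (0 = dynamic port, 123 = fixed NTP port)
    and report the source port actually used and the parsed reply, if any."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("", src_port))
        used = s.getsockname()[1]
        s.sendto(build_request(), (server, dst_port))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            # Nothing came back: the request or the reply was dropped on the way.
            return {"src_port": used, "reply": None}
        return {"src_port": used, "reply": parse_reply(data)}

if __name__ == "__main__":
    import sys
    # Placeholder server address (TEST-NET-1); pass a real NTP server as argv[1].
    server = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    for port in (0, 123):  # 123 needs root and a stopped ntpd
        try:
            print(probe(server, port))
        except OSError as exc:
            print({"src_port": port, "error": str(exc)})
```

A reply from the dynamic port but none from port 123 points at the NAT or filter rules handling source port 123 differently, which is the case the message asks about.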