From: Andrew Reilly
To: Peter Jeremy
Cc: freebsd-stable@freebsd.org, Pete French
Date: Wed, 25 Jul 2007 10:30:25 +1000
Subject: Re: ntpd on a NAT gateway seems to do nothing
Message-ID: <20070725003025.GA63332@duncan.reilly.home>
In-Reply-To: <20070724192425.GV1162@turion.vk2pj.dyndns.org>
References: <200707241451.l6OEpq2O014634@lurza.secnetix.de> <20070724192425.GV1162@turion.vk2pj.dyndns.org>
User-Agent: Mutt/1.4.2.3i

On Wed, Jul 25, 2007 at 05:24:25AM +1000, Peter Jeremy wrote:
> On 2007-Jul-24 16:00:08 +0100, Pete French wrote:
> Yes it does. The major difference is that ntpd will use a source
> port of 123 whilst ntpdate will use a dynamic source port.

Is that behaviour that can be defeated? If it uses a fixed source port,
then multiple ntpd clients behind a NAT firewall will be competing for
the same IP quadtuple at the NAT box. (Or does ipnat or pf have the
ability to fake different source addresses?)

(I've had what I think is this problem with a VPN setup, where only one
client behind the NAT firewall could run the VPN client at a time,
because the VPN protocol used a fixed port and UDP. Maybe my NAT rules
need more sophistication? I don't pay all that much attention to it...)

Cheers,

--
Andrew
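The collision Andrew describes is easy to see in a small model of a stateful UDP NAT. The script below is an added illustration, not code from this thread or from FreeBSD's ipnat or pf: it models two translation policies, an address-only NAT that preserves the inside source port and a port-rewriting NAT (NAPT) that allocates a distinct external port per inside endpoint, and sends three ntpd clients, all using source port 123, to the same server. All addresses, ports and the `Nat` class are constructed for the example. With the address-only policy only the first client's replies can be demultiplexed; with port rewriting all three get their answers, which is the property to check for in the gateway's NAT configuration before blaming ntpd.

```python
"""Toy model of why a fixed UDP source port (ntpd's 123) is a problem for
several clients behind one NAT, and why a port-rewriting NAT avoids it.
Added example, not code from the original mailing-list thread; all
addresses, ports and the two NAT policies are constructed for illustration."""

from dataclasses import dataclass, field

NTP_PORT = 123
SERVER = "203.0.113.10"        # constructed (documentation range)
NAT_EXTERNAL_IP = "198.51.100.1"  # constructed (documentation range)


@dataclass
class Nat:
    """A minimal stateful UDP NAT (constructed model).

    rewrite_ports=False keeps the inside source port on the outside
    (address-only translation); rewrite_ports=True models NAPT, which
    allocates a fresh external port for every distinct inside (ip, port).
    """
    rewrite_ports: bool
    next_port: int = 49152
    # (ext_port, dst_ip, dst_port) -> (inside_ip, inside_port)
    table: dict = field(default_factory=dict)
    collisions: list = field(default_factory=list)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate an outbound datagram; return the external 4-tuple,
        or None if the external tuple is already owned by another host."""
        # Reuse an existing mapping for the same inside endpoint and peer.
        for key, inside in self.table.items():
            if inside == (src_ip, src_port) and key[1:] == (dst_ip, dst_port):
                return (NAT_EXTERNAL_IP, key[0], dst_ip, dst_port)
        if self.rewrite_ports:
            ext_port = self.next_port
            self.next_port += 1
        else:
            ext_port = src_port
        key = (ext_port, dst_ip, dst_port)
        if key in self.table:
            # Another inside host already owns this external tuple; replies
            # to this sender could not be told apart from the other host's.
            self.collisions.append((src_ip, src_port, key))
            return None
        self.table[key] = (src_ip, src_port)
        return (NAT_EXTERNAL_IP, ext_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Demultiplex a reply arriving at the NAT's external address."""
        return self.table.get((dst_port, src_ip, src_port))


def simulate(rewrite_ports):
    """Three ntpd clients, all with source port 123, query one server.
    Returns (clients whose reply was delivered, recorded collisions)."""
    nat = Nat(rewrite_ports=rewrite_ports)
    clients = ["192.168.1.10", "192.168.1.11", "192.168.1.12"]  # constructed
    delivered = {}
    for client in clients:
        ext = nat.outbound(client, NTP_PORT, SERVER, NTP_PORT)
        if ext is None:
            continue
        # The server answers whatever external (ip, port) it saw.
        delivered[client] = nat.inbound(SERVER, NTP_PORT, ext[1])
    return delivered, nat.collisions


if __name__ == "__main__":
    for policy in (False, True):
        ok, bad = simulate(policy)
        print(f"rewrite_ports={policy}: {len(ok)} replies delivered, "
              f"{len(bad)} collisions")
```

The model deliberately keys the translation table on the full external tuple, which is what a NAT must do to route replies; the fix is not a different lookup but a different allocation policy, and that is the knob to look at in the gateway's NAT rules.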