From: Oliver Fromme
To: freebsd-stable@FreeBSD.ORG, andrew-freebsd@areilly.bpc-users.org
Date: Wed, 25 Jul 2007 09:50:09 +0200 (CEST)
Subject: Re: ntpd on a NAT gateway seems to do nothing
Message-Id: <200707250750.l6P7o9FL056031@lurza.secnetix.de>
In-Reply-To: <20070725003025.GA63332@duncan.reilly.home>

Andrew Reilly wrote:
 > Peter Jeremy wrote:
 > > The major difference is that ntpd will use a source port
 > > of 123 whilst ntpdate will use a dynamic source port.
 >
 > Is that behaviour that can be defeated?  If it uses a fixed
 > source port, then multiple ntpd clients behind a nat firewall
 > will be competing for the same ip quadtuple at the NAT box.

Usually the clients behind the NAT gateway use the ntpd
running on the gateway itself, not any servers beyond.
So NTP queries never have to be forwarded across the
gateway, so they're not subject to NAT translation at all.
The gateway rather acts as server and client at the same
time.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registry court, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich registry
court, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more:  http://www.secnetix.de/bsd

Passwords are like underwear.  You don't share them, you don't
hang them on your monitor or under your keyboard, you don't
email them, or put them on a web site, and you must change
them very often.
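
The layout described in the reply above, as an added configuration sketch that is not part of the original message or of any poster's setup. The LAN range 192.168.1.0/24, the gateway's inside address 192.168.1.1, and the upstream pool names are assumptions chosen for illustration.

```conf
# ---------------------------------------------------------------
# /etc/ntp.conf on the NAT gateway (acts as client AND server)
# ---------------------------------------------------------------

# Upstream sources (assumed names). The gateway queries these from
# its own external address, so no NAT state is involved.
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst

driftfile /var/db/ntpd.drift

# Default policy: hosts may exchange time with this ntpd, but may not
# reconfigure it, set traps, peer with it, or run ntpq/ntpdc queries.
restrict default kod nomodify notrap nopeer noquery

# Local administration (ntpq -p on the gateway itself).
restrict 127.0.0.1

# Inside network (assumed 192.168.1.0/24): time service only,
# no runtime reconfiguration and no trap registration.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# ---------------------------------------------------------------
# /etc/ntp.conf on each client behind the gateway
# ---------------------------------------------------------------

# The only time source is the gateway's inside address (assumed
# 192.168.1.1). Client traffic from source port 123 stays on the LAN
# and is never translated, so several clients cannot collide in the
# NAT state table.
server 192.168.1.1 iburst

driftfile /var/db/ntpd.drift

# Clients serve nobody: ignore everything except the gateway and
# the local host.
restrict default ignore
restrict 127.0.0.1
restrict 192.168.1.1 nomodify notrap noquery
```

With this split, the gateway's packet filter only has to allow UDP port 123 outbound from the gateway itself and inbound from the LAN; no NTP rule for forwarded traffic is needed.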