Date: Thu, 12 Oct 2017 13:45:10 +0100
From: Dave B <g8kbvdave@googlemail.com>
To: freebsd-questions@freebsd.org
Subject: Re: Another 11.1-RELEASE install minor annoyance (ntpd)
Message-ID: <bddc1b51-8dc1-6591-0008-5e4b5e1f3048@googlemail.com>
In-Reply-To: <mailman.116.1507809602.41581.freebsd-questions@freebsd.org>
References: <mailman.116.1507809602.41581.freebsd-questions@freebsd.org>

On 12/10/17 13:00, freebsd-questions-request@freebsd.org wrote:
> All your Linksys needs for NTP support is to allow UDP to any, port 123.
> And the response packets, obviously.
>
> Cheers,
>
> Matthew

Usually, that will be the normal default NAT router behaviour, incoming packets from a requested site (as signified by previous outgoing packets to the same site) will pass back into the LAN unmolested and be directed to the requesting local IP address.

Unless you or someone else has intentionally blocked NTP traffic at your border. (I've yet to find even an ISP supplied box that has NTP blocked, as a "user".)

About the only time (pun unintended) you need to poke a hole in a border/gateway/firewall, is if you want to run a publicly accessible NTP (or any other) server. Then, you do need to poke a hole (usually port 123 for NTP) so the great unwashed web can reach into your shiny new machine.

In such cases, it's also wise to keep all the NTPD baggage up to date. I'm not aware of any current issues, but in the not too distant past "there have been some issues that were exploited for DDoS attacks!" (I don't know. Is it possible to jail an NTP server?)

PS: I take it you know about the NTP pool project? Not suggesting you join it (unless you wish to) but as an external resource for a LAN based machine to sync to, it is a superbly reliable resource. Virtually guaranteed to be a better source of time than your ISP's servers (that here in the UK seem to reside on already very busy border/gateway machines.)

PPS: If you have an unreliable or a throttled internet service, there is the option of using a GPS receiver that also has a PPS signal output, so your local NTP server stays accurate, even if it can't reach out to other NTP servers. For example...

http://www.satsignal.eu/ntp/FreeBSD-GPS-PPS.htm

(Old in respect to FreeBSD, but the principles are sound.) But we're getting well into "Time Nuts" territory in that case. It was the need for an accurate and more importantly "stable" local time source (that didn't drift +- some seconds during the day, due to my own ISP "messing things about") that I learnt about FreeBSD in the first place.

Regards to All.

Dave B.
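
Added illustration (not part of the original message): a toy Python model of the NAT behaviour described above, where replies to an outbound NTP query pass back in, unsolicited packets are dropped, and a LAN-hosted server is only reachable once a hole is poked. The class, the 60-second state lifetime, the ephemeral client port and all addresses are constructed assumptions, not the behaviour of any particular router.

```python
from dataclasses import dataclass, field

NTP_PORT = 123
UDP_STATE_TTL = 60  # seconds; assumed value, real routers differ


@dataclass
class NatRouter:
    """Hypothetical model of a NAT router's UDP state table (no port rewriting)."""
    # (remote_ip, remote_port, public_port) -> (lan_ip, lan_port, expiry)
    states: dict = field(default_factory=dict)
    # public_port -> (lan_ip, lan_port): explicit holes (port forwards)
    forwards: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port, now):
        """A LAN host sends UDP out; the router remembers where a reply belongs."""
        key = (remote_ip, remote_port, lan_port)
        self.states[key] = (lan_ip, lan_port, now + UDP_STATE_TTL)

    def inbound(self, remote_ip, remote_port, public_port, now):
        """Return the (lan_ip, lan_port) a WAN packet is delivered to, or None if dropped."""
        key = (remote_ip, remote_port, public_port)
        state = self.states.get(key)
        if state and now <= state[2]:
            return state[:2]              # reply to a recent outbound query
        self.states.pop(key, None)        # expired or absent state
        return self.forwards.get(public_port)  # only an explicit hole lets it in


def demo():
    """Constructed scenario: one LAN client, one queried server, one unrelated host."""
    r = NatRouter()
    client, server, stranger = "192.168.1.10", "192.0.2.1", "198.51.100.7"
    r.outbound(client, 40123, server, NTP_PORT, now=0)
    results = {
        "reply_from_queried_server": r.inbound(server, NTP_PORT, 40123, now=1),
        "unsolicited_from_stranger": r.inbound(stranger, NTP_PORT, 40123, now=1),
        "late_reply_after_timeout": r.inbound(server, NTP_PORT, 40123, now=120),
        "query_to_lan_server_no_hole": r.inbound(stranger, 50000, NTP_PORT, now=1),
    }
    # Running a public NTP server on the LAN: forward UDP 123 to it.
    r.forwards[NTP_PORT] = ("192.168.1.20", NTP_PORT)
    results["query_to_lan_server_with_hole"] = r.inbound(stranger, 50000, NTP_PORT, now=1)
    return results


if __name__ == "__main__":
    for name, delivered_to in demo().items():
        print(f"{name}: {delivered_to}")
```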