From owner-freebsd-questions Tue Jan 9 0:20:42 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 0A21437B400 for ; Tue, 9 Jan 2001 00:20:25 -0800 (PST) Received: from rfx-64-6-211-149.users.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Tue, 9 Jan 2001 00:18:27 -0800 Received: (from cjc@localhost) by rfx-64-6-211-149.users.reflexcom.com (8.11.0/8.11.0) id f098K3s84031; Tue, 9 Jan 2001 00:20:03 -0800 (PST) (envelope-from cjc) Date: Tue, 9 Jan 2001 00:19:58 -0800 From: "Crist J. Clark" To: blaz Cc: freebsd-questions@FreeBSD.ORG Subject: Re: ntpdate problems for machines behind firewall Message-ID: <20010109001958.P95729@rfx-64-6-211-149.users.reflexco> Reply-To: cjclark@alum.mit.edu References: <3A5A9DF4.AA3DE3B@satx.rr.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <3A5A9DF4.AA3DE3B@satx.rr.com>; from blaz@satx.rr.com on Mon, Jan 08, 2001 at 11:13:24PM -0600 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Mon, Jan 08, 2001 at 11:13:24PM -0600, blaz wrote: > greetings, > > when running ntpdate clock.isc.org on a machine behind my firewall, I > get the following message: > > 8 Jan 23:09:02 ntpdate[2817]: no server suitable for synchronization > found > > and I noticed that my ipfwlog is producing the following: > > Jan 8 23:08:58 blaz /kernel: ipfw: 65000 Deny UDP 24.160.144.62:51315 > 204.152.184.72:123 out via xl0 > > my rules for ntp are as follows: > > # NTP - Allow queries out in the world > ${fwcmd} add pass udp from any 123 to any 123 via ${oif} > ${fwcmd} add pass udp from any 123 to any via ${iif} > ${fwcmd} add pass udp from any to any 123 via ${iif} > > > what do I need to do in order for my machines behind the firewall to > update their clocks as well? thanks in advance.