From: Matthew Seaman
To: "Patrick O'Reilly"
Cc: BSD Freak, Marc Schneiders, FreeBSD Questions
Date: Tue, 13 Aug 2002 09:24:40 +0100
Subject: Re: [PRIVATE] Re: Getting ntp to bind only to a certain IP address

On Tue, Aug 13, 2002 at 09:44:00AM +0200, Patrick O'Reilly wrote:
> From: "BSD Freak"
> > No I tried twice and got no reply :-(
> >
> > From: Marc Schneiders
> > > I saw no reply on the list. Did you perhaps get one privately?
> > > Happens sometimes to me. And I would very much like to have an
> > > answer to your question myself.
> >
> > > On Mon, 12 Aug 2002, at 07:19 [=GMT+1000], BSD Freak wrote:
> > > > Just a quick one. Does anyone know how to get NTP to bind
> > > > only to a certain IP address on a system (4.6-R) with multiple
> > > > IP addresses (aliases)?
>
> I don't know any way - and all the man pages make no reference to such a
> possibility. I use ipfw and only allow connections to the specific IP
> address, or via the specific NIC.

Seems that there isn't any way to control how ntpd binds to interfaces
--- if you look at the source code in
/usr/src/contrib/ntp/ntpd/ntp_config.c, there aren't any controls that
could control that sort of thing.

The closest possibility available is the 'restrict' command, which you
can use to prevent ntpd responding to network addresses accessible
through particular interfaces, or like Patrick says, use a firewall to
block the traffic:

    add 999 deny udp from any 123 to any 123 via xl0

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
Tel: +44 1628 476614
Fax: +44 0870 0522645
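
The two approaches from the message combined into one configuration, as an added example that is not part of the original thread: 'restrict' limits which remote hosts are served, and ipfw limits which local address accepts NTP. All addresses and rule numbers are constructed assumptions (RFC 5737 documentation ranges); only the interface name xl0 comes from the message.

```conf
# Added example; addresses and rule numbers are constructed.
#   192.0.2.10    address on xl0 that should answer NTP; assumed to be the
#                 address the host also uses as source for its own queries,
#                 so replies from the upstream server arrive on it
#   192.0.2.0/24  clients allowed to ask for time
#   198.51.100.1  upstream time server

# ---- /etc/ntp.conf ----
# 'restrict' matches the REMOTE address of a packet, not the local address
# it arrived on, so it controls who is served, not where ntpd listens.
server 198.51.100.1
restrict default ignore
restrict 127.0.0.1
restrict 198.51.100.1 nomodify notrap noquery
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap noquery

# ---- ipfw rules file (same format as the rule in the message) ----
# ntpd still binds every local address, so the packet filter is what
# enforces the local address. Matching on the destination port only also
# covers clients that query from an unprivileged source port.
add 900 allow udp from any to 192.0.2.10 123 in via xl0
add 910 deny udp from any to any 123 in via xl0
```

Place the two rules ahead of any broader allow rule, since ipfw stops at the first match; `ipfw show` lists per-rule packet counters to confirm they are being hit.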