From: Mark Rowlands
To: Jonathan Chen, devin-freebsdquestions@rintrah.org
Cc: Marco Radzinschi, freebsd-questions@FreeBSD.ORG
Subject: Re: NTP behind NAT box?
Date: Mon, 28 Jan 2002 23:05:56 +0100

On Monday 28 January 2002 7:57 pm, Jonathan Chen wrote:
> On Mon, Jan 28, 2002 at 07:27:45AM -0500, devin-freebsdquestions@rintrah.org wrote:
> > On Tue, Jan 22, 2002 at 08:56:10AM -0500, Marco Radzinschi wrote:
> > > Hello:
> > >
> > > I am running ntpd on a machine behind a router which is taking
> > > care of NAT. I have the router forwarding UDP packets on port 123 to
> > > said machine, and NTP is working.
> > >
> > > Now, do I really need to be forwarding UDP/123 to that machine, or will
> > > ntpd work without it?
> >
> > ntpd will make outbound connections to sync the box it is running on with
> > whatever ntp server you connect to in the outside world.
> >
> > in this case you don't need to be forwarding port 123 to it (in fact,
> > that might be a bad idea...)
>
> Hmm. I've just played around with this recently, and it looks like one
> *does* need to forward port 123. A quick check with "ntpq -p" shows that
> if you don't forward the port, all of the servers you try to sync with
> are marked as "rejected".
>

I run a freebsd firewall / router with ipf and nat, have no ports forwarded
and ntpd runs fine.

--
A lost ounce of gold may be found, a lost moment of time never.
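
As an added example (not part of the thread and not ipf/ipnat code), the toy model below shows the behaviour the replies describe: a NAT that keeps state for outbound UDP lets NTP replies back in without a forward, while a static UDP/123 forward delivers packets from any sender to ntpd. The class, the port pool and all addresses are constructed for illustration.

```python
# Added example: toy model of a stateful NAT, not ipf/ipnat code.
# All addresses are constructed (RFC 1918 / RFC 5737 documentation ranges).
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")
NTP = 123

class Nat:
    def __init__(self, public_ip, forwards=None):
        self.public_ip = public_ip
        self.forwards = forwards or {}   # public port -> (inside ip, inside port)
        self.state = {}                  # (public port, remote ip, remote port) -> (inside ip, inside port)
        self.next_port = 40000           # pool used when the original source port is taken

    def outbound(self, pkt):
        """Translate an inside->outside UDP packet and record state for the reply."""
        port = pkt.sport
        key = (port, pkt.dst, pkt.dport)
        # Keep the source port if free; otherwise pick one from the pool.
        if self.state.get(key, (pkt.src, pkt.sport)) != (pkt.src, pkt.sport):
            port, self.next_port = self.next_port, self.next_port + 1
            key = (port, pkt.dst, pkt.dport)
        self.state[key] = (pkt.src, pkt.sport)
        return Packet(self.public_ip, port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Return the translated packet for the inside host, or None if dropped."""
        hit = self.state.get((pkt.dport, pkt.src, pkt.sport))
        if hit is None:
            hit = self.forwards.get(pkt.dport)   # static port forward, any sender
        if hit is None:
            return None
        return Packet(pkt.src, pkt.sport, hit[0], hit[1])

def demo(forwards=None):
    nat = Nat("203.0.113.1", forwards)
    server, stranger = "198.51.100.7", "192.0.2.99"
    q1 = nat.outbound(Packet("192.168.1.10", NTP, server, NTP))
    q2 = nat.outbound(Packet("192.168.1.11", NTP, server, NTP))  # same tuple after NAT: remapped
    r1 = nat.inbound(Packet(server, NTP, q1.src, q1.sport))
    r2 = nat.inbound(Packet(server, NTP, q2.src, q2.sport))
    unsolicited = nat.inbound(Packet(stranger, 54321, "203.0.113.1", NTP))
    return q1, q2, r1, r2, unsolicited

if __name__ == "__main__":
    for label, fw in (("no forward", None), ("UDP/123 forwarded", {NTP: ("192.168.1.10", NTP)})):
        print(label, demo(fw))
```

Without the forward, only replies that match recorded state reach the inside hosts; with it, the unsolicited packet from the constructed "stranger" address is delivered to ntpd as well.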