Date: Wed, 25 Jul 2007 10:30:25 +1000
From: Andrew Reilly <andrew-freebsd@areilly.bpc-users.org>
To: Peter Jeremy <peterjeremy@optushome.com.au>
Cc: freebsd-stable@freebsd.org, Pete French <petefrench@ticketswitch.com>
Subject: Re: ntpd on a NAT gateway seems to do nothing
Message-ID: <20070725003025.GA63332@duncan.reilly.home>
In-Reply-To: <20070724192425.GV1162@turion.vk2pj.dyndns.org>
References: <200707241451.l6OEpq2O014634@lurza.secnetix.de> <E1IDLrs-0001U0-Di@dilbert.ticketswitch.com> <20070724192425.GV1162@turion.vk2pj.dyndns.org>

On Wed, Jul 25, 2007 at 05:24:25AM +1000, Peter Jeremy wrote:
> On 2007-Jul-24 16:00:08 +0100, Pete French <petefrench@ticketswitch.com> wrote:
> Yes it does. The major difference is that ntpd will use a source
> port of 123 whilst ntpdate will use a dynamic source port.

Is that behaviour that can be defeated? If it uses a fixed source
port, then multiple ntpd clients behind a nat firewall will be
competing for the same ip quadtuple at the NAT box. (Or does ipnat
or pf have the ability to fake different source addresses?)

(I've had what I think is this problem with a VPN setup, where only
one client behind the NAT firewall could run the VPN client at a
time, because the VPN protocol used a fixed port and UDP. Maybe my
NAT rules need more sophistication? I don't pay all that much
attention to it...)

Cheers,

-- 
Andrew
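
The quadtuple collision asked about in the message above, modelled as an added example that is not part of the original e-mail and is not ipnat or pf code: a toy UDP NAT table keyed on (external port, server IP, server port), run once with client source ports preserved and once with them rewritten. The class, the function names, the addresses (documentation ranges) and the spare-port pool starting at 50000 are assumptions made for illustration.

```python
from itertools import count

SERVER_A, SERVER_B = "203.0.113.5", "203.0.113.9"   # constructed sample addresses

class UdpNat:
    """Toy UDP NAT table keyed on (external port, server IP, server port)."""

    def __init__(self, rewrite_ports, pool_start=50000):
        self.rewrite_ports = rewrite_ports   # False = keep the client's source port
        self.pool = count(pool_start)        # assumed pool of spare external ports
        self.table = {}                      # (ext_port, dst_ip, dst_port) -> (int_ip, int_port)

    def outbound(self, int_ip, int_port, dst_ip, dst_port):
        """Return the external source port used, or None if the flow cannot be mapped."""
        owner = (int_ip, int_port)
        # Reuse an existing mapping for this client/server pair.
        for (port, ip, dport), who in self.table.items():
            if who == owner and (ip, dport) == (dst_ip, dst_port):
                return port
        ext_port = int_port
        while (ext_port, dst_ip, dst_port) in self.table:
            if not self.rewrite_ports:
                return None                  # quadtuple already owned by another host
            ext_port = next(self.pool)       # pick a different external source port
        self.table[(ext_port, dst_ip, dst_port)] = owner
        return ext_port

    def inbound(self, src_ip, src_port, ext_port):
        """Return the internal (ip, port) a reply is delivered to, or None."""
        return self.table.get((ext_port, src_ip, src_port))

def scenario(rewrite_ports):
    """Two inside hosts, both sending from UDP port 123 as ntpd does."""
    nat = UdpNat(rewrite_ports)
    first = nat.outbound("192.168.1.10", 123, SERVER_A, 123)
    second = nat.outbound("192.168.1.11", 123, SERVER_A, 123)   # same server: collides
    other = nat.outbound("192.168.1.11", 123, SERVER_B, 123)    # different server: distinct quadtuple
    reply_to = nat.inbound(SERVER_A, 123, second) if second else None
    return first, second, other, reply_to

if __name__ == "__main__":
    print("ports preserved:", scenario(False))
    print("ports rewritten:", scenario(True))
```

In this model the collision only arises when both inside hosts talk to the same server; flows to different servers differ in the quadtuple even with port 123 preserved.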