Michelle Konzack <[email protected]> writes:

> Hello lee,
>
> On 2011-06-22 22:48:58, you hacked down the following:
>> When the router is already asking <dns1.private> for the IP addresses of
>> the NTP servers the router wants to connect to, what prevents you from
>> making DNS entries on <dns1.private> which will resolve the queries of
>> the router to the IP addresses of your private NTP server?
>
> Because this route makes weird traffic.  Since the router OS it is not
> Linux based I can not do very much as analyzing as best as possible.
>
> It seems, the router has hardcoded routes and if I tell it to use
> <dns1.private> it makes lookups on it, but then I get connections from
> my router elsewhere... asking for <178.63.64.14> and <109.75.190.27>.

,---- [ Message-ID: <20110622150732.GO4017@michelle1> ]
| The current setup is:
|
| <[email protected]>-+                       +--<dns.private>
| <[email protected]>-+                       +--<ntp.private>
|                   |                       +--<samba.private>
| INTERNET          +---- router with a ----+
|                   |     crappy NTP Client +--<michelle1.private>
| <ntp1_by_IP>-----------+                  +--<devel.private>
| <ntp2_by_IP>-----------+
|                         capturing uncontrolled
|                         data from my router
`----

As long as your router is connected to the internet directly, I think there isn't anything you could do to prevent it from making connections to hosts on the internet the way it wants to, unless you can make settings in the router itself that would prevent it from doing so.

I don't understand what this has to do with routing:

1.) If the router uses IP addresses of NTP servers instead of looking up the IPs by hostnames, it doesn't need to query your name server.

2.) If it queries your name server for IP addresses of NTP servers, receives the IP addresses of them and then still connects to different IP addresses than those given by your name server to send NTP requests to, the router is broken (Or perhaps restarting it helps?).

That leaves you with some options, listed in no particular order:

1.) replace the router

2.) Omit the router and use one of the hosts on the right side of your schematic to replace it.

3.) Don't connect the router to the internet directly but through one of the hosts on the left side of your schematic. The host would capture the NTP traffic and operate as a router for the router. (probably not feasible)

4.) like 3.), but connecting the router to one of the hosts on the right rather than on the left side

5.) leave it as it is

6.) turn off NTP in the router

7.) Make the manufacturer of the router fix the NTP client.

8.) If the router allows you to set static routes, set static routes for the two IPs it sends NTP requests to.
Add two network cards to one of the hosts on the right side the static routes point to and give them the IPs the router is sending its requests to. Attaching two more IPs to an existing network card should suffice, though. The disadvantage is that the hosts outside of your network which have these IPs become unreachable from inside your network.
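
One way to check the second case above (the router queries the name server, then sends NTP requests to other addresses anyway) from a packet capture, as an added example that is not part of the original message. The capture lines are constructed in the style of `tcpdump -n` text output; the router, name server and private NTP server addresses and the name `ntp.example.` are assumptions, and only the two public IPs come from the thread.

```python
import re

# Constructed sample in the style of `tcpdump -n` text output. The router
# (192.168.1.1), name server (192.168.1.53) and private NTP server
# (192.168.1.123) are assumed addresses; the two public IPs are from the thread.
CAPTURE = """\
12:00:01.000000 IP 192.168.1.1.1025 > 192.168.1.53.53: 1+ A? ntp.example. (29)
12:00:01.010000 IP 192.168.1.53.53 > 192.168.1.1.1025: 1 1/0/0 A 192.168.1.123 (45)
12:00:02.000000 IP 192.168.1.1.123 > 192.168.1.123.123: NTPv4, Client, length 48
12:00:03.000000 IP 192.168.1.1.123 > 178.63.64.14.123: NTPv4, Client, length 48
12:00:04.000000 IP 192.168.1.1.123 > 109.75.190.27.123: NTPv4, Client, length 48
"""

# "IP <src>.<sport> > <dst>.<dport>: <rest>" with IPv4 addresses only.
PACKET = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (.*)")
A_RECORD = re.compile(r"\bA (\d+\.\d+\.\d+\.\d+)")


def audit_ntp(capture, router, resolver):
    """Classify each NTP destination of `router` as 'resolved' (the IP was
    handed out by `resolver` earlier in the capture) or 'hardcoded'."""
    answered = set()   # IPs the resolver has returned to the router so far
    verdict = {}       # NTP destination IP -> 'resolved' | 'hardcoded'
    for line in capture.splitlines():
        m = PACKET.search(line)
        if not m:
            continue
        src, sport, dst, dport, rest = m.groups()
        if src == resolver and sport == "53" and dst == router:
            answered.update(A_RECORD.findall(rest))
        elif src == router and dport == "123":
            # Keep the first verdict: an answer arriving later does not
            # explain a request that was already sent.
            verdict.setdefault(
                dst, "resolved" if dst in answered else "hardcoded")
    return verdict


if __name__ == "__main__":
    for ip, kind in audit_ntp(CAPTURE, "192.168.1.1", "192.168.1.53").items():
        print(f"{ip:15} {kind}")
```

Destinations reported as `hardcoded` are the ones a DNS override cannot redirect, which leaves the static-route and IP-alias option from the list above.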

