John asked:
> Last night, I was able to add the stratum 2 server (24.123.66.139) to
> the pool, but when I tried to add the NAT'd stratum 1 server
> (24.123.66.138) I got a "didn't get an NTP response..." message back
> from the form.
>
> This is odd, as several other machines are sync'ing to that server
> through the firewall and NAT without any problems. I wonder if there's
> something about the ports that the test script uses that is causing the
> problem. I have port 123 open for both UDP and TCP, and have ipmasq'd
> both UDP and TCP on that port from the internal server to the firewall.

Queries from most "ntpd" daemons (built from standard ntp source kits) come from port 123 and go to port 123.

Command-line and web ntp-query tools, some firewalls, and some non-ntpd implementations will send the queries from their non-123 ports to you at your port 123, and expect to get the UDP packet at their non-123 port.

Many (all?) NAT implementations and some firewalls will completely randomize UDP queries' port numbers on their way through. So even if the querying machine is sending its query from 123, the NAT will send it out from (say) 23456, and then when NAT gets something back at 23456 it'll send it back to 123 at the original machine.

Complicated enough??? :-)

Make sure you've enabled your firewall for outgoing NTP stuff to ports other than 123, and you've enabled your firewall to accept UDP queries "coming from" (note in quotes!) ports other than 123 if they are going to your port 123.

Tim.

_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
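One way to check a server for the situation described in the reply, as an added example that is not part of the original message: a small Python probe that sends an NTP client query from an ephemeral (non-123) source port, as query tools and NAT'd clients do, and reports whether a server-mode reply comes back. The function names and the timeout value are assumptions of this example.

```python
import socket
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01


def build_query(version=3):
    """48-byte NTP client request: LI=0, VN=version, Mode=3 (client)."""
    first = (0 << 6) | (version << 3) | 3
    return bytes([first]) + bytes(47)


def parse_reply(data):
    """Return (mode, stratum, unix_transmit_time), or None if too short."""
    if len(data) < 48:
        return None
    mode = data[0] & 0x07
    stratum = data[1]
    secs, frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return mode, stratum, secs - NTP_EPOCH_OFFSET + frac / 2**32


def probe(host, port=123, source_port=0, timeout=2.0):
    """Query host:port from source_port (0 = ephemeral, like a query tool).

    Returns the parsed reply, or None when no valid server reply arrives,
    which is what a filter that only passes source port 123 produces.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("", source_port))   # binding to 123 itself requires root
        s.connect((host, port))     # kernel drops replies from other peers
        s.send(build_query())
        try:
            reply = parse_reply(s.recv(512))
        except OSError:             # timeout or ICMP port unreachable
            return None
    if reply is None or reply[0] != 4:  # mode 4 = server
        return None
    return reply


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    result = probe(target)
    print("no NTP response" if result is None
          else "mode=%d stratum=%d time=%.3f" % result)
```

Run it from a host outside the firewall against the server's public address. A `None` result while port-123-to-port-123 clients still sync points at a rule that filters on source port.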
