Jeffrey Goldberg wrote:
> My firewall logs are filled with messages like
>
> ipmon[85]: 18:52:39.107683 sis1 @0:18 b 196.28.87.75 ->
> 72.64.118.118 PR icmp len 20 56 icmp unreach/port
> for 72.64.118.118,123 - 196.28.87.75,123
> PR udp len 20 76 IN
>
> 72.64.118.118 is my pool server.
>
> I am accepting udp packets for destination port 123 and everything
> seems to be working correctly, but I don't understand what these ICMP
> packets are about. No doubt this reflects my substantial ignorance
> of IP, but I would like to know whether I should/need to allow ICMP
> through as well as udp 123 for NTP to work properly.
You should be letting icmp unreachables in anyway - it's required for proper network connectivity. By all means block echo request packets (although I personally never saw the point of that) but let the rest through.

That looks like it's just a misconfigured client not allowing your NTP reply packets through - it happens... not that unusual.

Tony
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
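As an added example (not part of the original messages): a small Python filter that picks out ipmon entries like the one quoted above, that is, ICMP errors whose embedded header shows they were triggered by the server's own NTP replies, and counts them per client. The regex is written against the single log line in the post; the function name and the other sample lines (documentation-range addresses) are constructed for illustration.

```python
import re
from collections import Counter

# ipmon entry for an ICMP error; "for A,p - B,q PR proto" is the header of
# the packet that triggered the error, as quoted inside the ICMP payload.
ICMP_ERR = re.compile(
    r"\S+ @\d+:\d+ (?P<action>[A-Za-z]) "
    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+) PR icmp len \d+ \d+ "
    r"icmp (?P<kind>\w+/\w+) "
    r"for (?P<osrc>[\d.]+),(?P<osport>\d+) - (?P<odst>[\d.]+),(?P<odport>\d+) "
    r"PR (?P<oproto>\w+)"
)

def ntp_reply_errors(lines, server_ip, ntp_port=123):
    """Count ICMP errors that answer NTP replies sent by server_ip.

    Returns a Counter keyed by (client_ip, icmp_kind, firewall_action).
    """
    hits = Counter()
    for line in lines:
        m = ICMP_ERR.search(line)
        if not m:
            continue  # not an ICMP error entry (e.g. a plain TCP/UDP line)
        triggered_by_our_reply = (
            m["dst"] == server_ip
            and m["oproto"] == "udp"
            and m["osrc"] == server_ip
            and int(m["osport"]) == ntp_port
        )
        if triggered_by_our_reply:
            # The client is the destination of the quoted packet; the ICMP
            # sender may be that client or a router on the path to it.
            hits[(m["odst"], m["kind"], m["action"])] += 1
    return hits

SAMPLE = [
    # Log line from the post, with the mail client's line wrapping undone.
    "ipmon[85]: 18:52:39.107683 sis1 @0:18 b 196.28.87.75 -> 72.64.118.118 PR icmp len 20 56 icmp unreach/port for 72.64.118.118,123 - 196.28.87.75,123 PR udp len 20 76 IN",
    # Constructed lines: a repeat, an error sent by an on-path router, a TCP block.
    "ipmon[85]: 18:52:41.220114 sis1 @0:18 b 196.28.87.75 -> 72.64.118.118 PR icmp len 20 56 icmp unreach/port for 72.64.118.118,123 - 196.28.87.75,123 PR udp len 20 76 IN",
    "ipmon[85]: 18:53:02.001337 sis1 @0:18 b 192.0.2.1 -> 72.64.118.118 PR icmp len 20 56 icmp unreach/host for 72.64.118.118,123 - 198.51.100.9,123 PR udp len 20 76 IN",
    "ipmon[85]: 18:53:10.450002 sis1 @0:18 b 203.0.113.5,40112 -> 72.64.118.118,22 PR tcp len 20 60 -S IN",
]

if __name__ == "__main__":
    for (client, kind, action), n in ntp_reply_errors(SAMPLE, "72.64.118.118").items():
        print(f"{client}: {n} x {kind} (action {action})")
```

Entries counted with action `b` are unreachables the firewall is currently dropping; a client that shows up repeatedly is one whose side is rejecting the server's replies.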
