Thread: How to configure ntp client to connect to localhost?




How to configure ntp client to connect to localhost?
United States
2007-07-02 19:02:50
I would like to set my ntp client to connect to localhost.  The normal connection does not allow this.

My situation is that I use SSH for all of my communications to external servers.  I need my clients to tunnel their NTP requests over this tunnel.

I can set up a TCP or UDP tunnel on local port 123 that is actually a remote connection to another server's NTP service.

I do this as a security measure.  It allows me to allow only outgoing connections from a firewall perspective.

Thanks in advance.
Ron Ogle
_______________________________________________
questions mailing list
questionslists.ntp.isc.org

https://lists.ntp.isc.org/mailman/listinfo/questions

Re: How to configure ntp client to connect to localhost?
United Kingdom
2007-07-03 14:50:26
In article <4689922A.7040708tce.com>, oglertce.com (Ron Ogle) wrote:

> My situation is that I use SSH for all of my communications to external
> servers.  I need my clients to tunnel their NTP requests over this tunnel.

Tunnelling over TCP is likely to quite seriously degrade the delay and symmetry of the delay.  If your only alternative is to tunnel like this, use a local radio clock as your primary NTP reference.  (Look up Nagle Algorithm for one of the reasons why you may get significant delays if there is any contention for the tunnel, even in the absence of retransmissions.)

> I can set up a TCP or UDP tunnel on local port 123 that is actually a
> remote connection to another server's NTP service.

Port 123 is already taken by ntpd itself.

> I do this as a security measure.  It allows me to allow only outgoing
> connections from a firewall perspective.

ntpd uses UDP, which is connectionless.  However, a good stateful firewall will temporarily open the firewall for any return traffic.


Re: How to configure ntp client to connect to localhost?
Netherlands
2007-07-04 03:21:37
"Ron Ogle" <oglertce.com> wrote in message news:4689922A.7040708tce.com...

> I would like to set my ntp client to connect to localhost.  The normal
> connection does not allow this.

Like David said, you can't do that. NTP is both a server and a client, and _always_ takes UDP port 123 for itself. So you can't set up a tunnel on the same machine. And as far as I know, you can't make NTP use a different port, either. Of course, that leaves open the possibility of setting up a tunnel and using it from another machine. But it does mean that NTP is never going to run locally on a host that pretends to be another host somewhere else.

> My situation is that I use SSH for all of my communications to
> external servers.  I need my clients to tunnel their NTP requests
> over this tunnel.

I'd say you _want_ them to. Incidentally, I use the same trick to access my home network from work. But the business case is _quite_ different.

> I can set up a TCP or UDP tunnel on local port 123 that is actually a
> remote connection to another server's NTP service.

Yes, well, for the clients, it's not a problem. They simply see your proxy as 'the' Internet NTP server. But your proxy itself is hosed, NTP-wise.

> I do this as a security measure.  It allows me to allow only outgoing
> connections from a firewall perspective.

Get a better firewall! Ancient Linuxes could do that, _and_ allow return traffic as appropriate (and only as appropriate).

Groetjes,
Maarten Wiltink



Re: How to configure ntp client to connect to localhost?
United States
2007-07-04 10:15:03
Ron Ogle wrote:
> I would like to set my ntp client to connect to localhost.  The normal
> connection does not allow this.
>

Of course not. Don't use 127.0.0.1 for this. Use a different address.

> My situation is that I use SSH for all of my communications to external
> servers.  I need my clients to tunnel their NTP requests over this tunnel.
>

NTP has no problem running over a VPN, it's implemented on a layer below UDP. However using localhost is a really bad idea.

> I can set up a TCP or UDP tunnel on local port 123 that is actually a
> remote connection to another server's NTP service.
>

Follow the SSH rules for this but even with SSH you can't use localhost, that would just route you back to yourself. The tunnel needs to have an address other than the ones in use by the system.

> I do this as a security measure.  It allows me to allow only outgoing
> connections from a firewall perspective.
>

This makes no sense. Set up the firewall correctly to allow only those packets for which you need.

Danny
> Thanks in advance.
> Ron Ogle

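Added example, not part of the original thread and not code from ntpd or any firewall product: a toy Python model of the stateful UDP filtering the replies describe, where an outbound NTP request opens a short-lived hole for the matching reply only. The addresses, the 30-second idle timeout and the NTP-only outbound policy are assumptions made for the illustration.

```python
"""Toy model of stateful UDP filtering for outbound-only NTP (constructed example)."""
from dataclasses import dataclass

NTP_PORT = 123
UDP_TIMEOUT = 30.0  # assumed idle timeout in seconds; real firewalls differ


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" leaves the protected host, "in" arrives at it


class StatefulUdpFilter:
    def __init__(self, timeout=UDP_TIMEOUT):
        self.timeout = timeout
        self.flows = {}  # (local, lport, remote, rport) -> time last seen

    def check(self, pkt, now):
        # Forget flows that have been idle longer than the timeout.
        self.flows = {k: t for k, t in self.flows.items() if now - t <= self.timeout}
        if pkt.direction == "out":
            if pkt.dport != NTP_PORT:  # assumed policy: only NTP may leave
                return "DROP"
            self.flows[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
            return "ACCEPT"
        # Inbound UDP is accepted only as the exact reverse of a tracked flow.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.flows:
            self.flows[key] = now
            return "ACCEPT"
        return "DROP"


def replay():
    """Run a constructed trace; ntpd sends from and to UDP port 123."""
    fw = StatefulUdpFilter()
    client, server, stranger = "192.0.2.10", "203.0.113.5", "198.51.100.7"
    trace = [
        (0.00, Packet(client, 123, server, 123, "out")),   # request
        (0.05, Packet(server, 123, client, 123, "in")),    # matching reply
        (1.00, Packet(stranger, 123, client, 123, "in")),  # unsolicited
        (100.0, Packet(server, 123, client, 123, "in")),   # after state expired
    ]
    return [fw.check(pkt, now) for now, pkt in trace]


if __name__ == "__main__":
    print(replay())
```
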
