Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 14 replies
  • Subscribers 2 subscribers
  • Views 6062 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

NTP and the need to create packet filter rules

eclipse79oldacct
Hello,
I have enabled NTP time function, adding Internal (Network) interface and DMZ (Network) interface. The clients was unable to syncronize with Astaro ntp server until I create these packetfilter rules:

From Internal (Network) to Internal (Address) NTP service.
From DMZ (Network) to DMZ (Address) NTP service.

So my question is: what is the meaning of "Allowed Networks" if I have to manually create packetfilter rules?

Thank you
eclipse79


This thread was automatically locked due to age.
Parents
  • 0
    From Internal (Network) to Internal (Address) NTP service.
    From DMZ (Network) to DMZ (Address) NTP service.

    Whity didn't mention it, but these rules cannot have any effect on anything.

    Cheers - Bob
  • 0 in reply to BAlfson
    Whity didn't mention it, but these rules cannot have any effect on anything.

    Cheers - Bob


    You are right, I discovered that the issue is random. Only for a coincidence the packetfilter rule seemed to take effect. 

    I have tried to inspect the packets with WireShark. When client can receive the correct date/time, the Astaro response is this:

    Network Time Protocol
        Flags: 0x19
            00.. .... = Leap Indicator: no warning (0)
            ..01 1... = Version number: NTP Version 3 (3)
            .... .001 = Mode: symmetric active (1)
        Peer Clock Stratum: secondary reference (11)
        Peer Polling Interval: 4 (16 sec)
        Peer Clock Precision: 0,000004 sec
        Root Delay:    0,0000 sec
        Root Dispersion:    0,0127 sec
        Reference Clock ID: 127.127.1.0
        Reference Clock Update Time: Jul 12, 2010 13:50:28,2258 UTC
        Originate Time Stamp: Jul 12, 2010 13:51:23,7070 UTC
        Receive Time Stamp: Jul 12, 2010 13:51:23,4025 UTC
        Transmit Time Stamp: Jul 12, 2010 13:51:23,4026 UTC


    When client cannot receive date/time, the Astaro response is this:

    Network Time Protocol
        Flags: 0xd9
            11.. .... = Leap Indicator: alarm condition (clock not synchronized) (3)
            ..01 1... = Version number: NTP Version 3 (3)
            .... .001 = Mode: symmetric active (1)
        Peer Clock Stratum: unspecified or unavailable (0)
        Peer Polling Interval: 5 (32 sec)
        Peer Clock Precision: 0,000004 sec
        Root Delay:    0,0000 sec
        Root Dispersion:    0,0015 sec
        Reference Clock ID: (Initialization)
        Reference Clock Update Time: NULL
        Originate Time Stamp: Jul 12, 2010 13:37:08,2392 UTC
        Receive Time Stamp: Jul 12, 2010 13:37:07,9361 UTC
        Transmit Time Stamp: Jul 12, 2010 13:37:07,9361 UTC


    So it seems an issue in NTP server built-in astaro... isn't it?
  • 0 in reply to eclipse79oldacct
    So it seems an issue in NTP server built-in astaro... isn't it?


    [:@][:@][:@] Damn! WinWASTE

    Meinberg Funkuhren - FAQ - Why does my Windows Time Service (w32time) not synchronize with my NTP Server?

    It's a problem with xp/2003 ntp client! [:@]
Reply Children
No Data