In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Ron Ogle) wrote:

> My situation is that I use SSH for all of my communications to external
> servers. I need my clients to tunnel their NTP requests over this tunnel.

Tunnelling over TCP is likely to quite seriously degrade the delay and symmetry of the delay. If your only alternative is to tunnel like this, use a local radio clock as your primary NTP reference. (Look up the Nagle algorithm for one of the reasons why you may get significant delays if there is any contention for the tunnel, even in the absence of retransmissions.)

> I can set up a TCP or UDP tunnel on local port 123 that is actually a
> remote connection to another server's NTP service.

Port 123 is already taken by ntpd itself.

> I do this as a security measure. It allows me to allow only outgoing
> connections from a firewall perspective.

ntpd uses UDP, which is connectionless. However, a good stateful firewall will temporarily open the firewall for any return traffic.

_______________________________________________
questions mailing list
[email protected]
https://lists.ntp.isc.org/mailman/listinfo/questions
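Added example, not part of the original post: a small simulation of why one-way stalls in a TCP tunnel hurt NTP. It applies the standard NTP offset and delay formulas to the four timestamps T1..T4; the 10 ms base delay, the 200 ms stall and the stall probability are constructed figures, and the function names are hypothetical.

```python
import random

def ntp_sample(true_offset, d_out, d_back, proc=0.0001, t1=1000.0):
    """Compute (offset, delay) the way an NTP client does from T1..T4.
    true_offset = server clock minus client clock; delays in seconds."""
    t2 = t1 + d_out + true_offset      # request arrives (server clock)
    t3 = t2 + proc                     # reply leaves (server clock)
    t4 = t3 - true_offset + d_back     # reply arrives (client clock)
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay

def simulate(polls, stall_prob, stall=0.2, base=0.010, true_offset=0.0, seed=1):
    """Constructed model: each direction independently has a `stall_prob`
    chance of waiting `stall` seconds in the tunnel's TCP send queue."""
    rng = random.Random(seed)
    samples = []
    for _ in range(polls):
        d_out = base + (stall if rng.random() < stall_prob else 0.0)
        d_back = base + (stall if rng.random() < stall_prob else 0.0)
        samples.append(ntp_sample(true_offset, d_out, d_back))
    return samples

def worst_error(samples, true_offset=0.0):
    """Largest absolute offset error across the samples, in seconds."""
    return max(abs(off - true_offset) for off, _ in samples)

def min_delay_offset(samples):
    """Offset of the lowest-delay sample, the idea behind ntpd's clock filter."""
    return min(samples, key=lambda s: s[1])[0]

if __name__ == "__main__":
    for name, p in (("direct UDP", 0.0), ("TCP tunnel", 0.3)):
        s = simulate(8, p)
        print(f"{name}: worst error {worst_error(s) * 1000:.1f} ms, "
              f"min-delay sample {min_delay_offset(s) * 1000:.1f} ms")
```

A stall in one direction only shifts the computed offset by half the stall, while an equal stall in both directions inflates the delay but leaves the offset intact.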
