"Ron Ogle" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> I would like to set my ntp client to connect to localhost. The normal
> connection does not allow this.

Like David said, you can't do that. NTP is both a server and a client,
and _always_ takes UDP port 123 for itself. So you can't set up a tunnel
on the same machine. And as far as I know, you can't make NTP use a
different port, either.

Of course, that leaves open the possibility of setting up a tunnel and
using it from another machine. But it does mean that NTP is never going
to run locally on a host that pretends to be another host somewhere else.

> My situation is that I use SSH for all of my communications to
> external servers. I need my clients to tunnel their NTP requests
> over this tunnel.

I'd say you _want_ them to. Incidentally, I use the same trick to access
my home network from work. But the business case is _quite_ different.

> I can set up a TCP or UDP tunnel on local port 123 that is actually a
> remote connection to another server's NTP service.

Yes, well, for the clients, it's not a problem. They simply see your
proxy as 'the' Internet NTP server. But your proxy itself is hosed,
NTP-wise.

> I do this as a security measure. It allows me to allow only outgoing
> connections from a firewall perspective.

Get a better firewall! Ancient Linuxes could do that, _and_ allow return
traffic as appropriate (and only as appropriate).

Groetjes,
Maarten Wiltink
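The firewall behaviour the reply refers to (outgoing-only policy, with return traffic allowed only when it answers something the host sent) can be modelled in a few lines. This is an added example, not part of the original post and not any real firewall's code; the class name, the 30-second timeout and the documentation-range IP addresses are assumptions made for illustration.

```python
import time

NTP_PORT = 123
UDP_TIMEOUT = 30.0  # assumed idle timeout for a tracked UDP flow, in seconds


class StatefulUdpFilter:
    """Toy connection tracker: outbound opens a flow, inbound must match one."""

    def __init__(self, timeout=UDP_TIMEOUT, clock=time.monotonic):
        self.timeout = timeout
        self.clock = clock
        self.flows = {}  # (local_ip, local_port, remote_ip, remote_port) -> last seen

    def _expire(self):
        # Forget flows that have been idle longer than the timeout.
        now = self.clock()
        self.flows = {k: t for k, t in self.flows.items() if now - t <= self.timeout}

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Policy: every outgoing datagram is allowed and recorded."""
        self.flows[(src_ip, src_port, dst_ip, dst_port)] = self.clock()
        return "ACCEPT"

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Accept only a reply to a live flow; drop everything unsolicited."""
        self._expire()
        key = (dst_ip, dst_port, src_ip, src_port)  # mirror of the outbound tuple
        if key in self.flows:
            self.flows[key] = self.clock()
            return "ACCEPT"
        return "DROP"


def demo():
    """Constructed traffic: NTP query, its reply, a stranger, a late reply."""
    now = [0.0]  # fake clock so the timeout case is deterministic
    fw = StatefulUdpFilter(clock=lambda: now[0])
    client, server, stranger = "192.0.2.10", "198.51.100.5", "203.0.113.77"
    results = []
    # The NTP daemon uses UDP port 123 as both source and destination port.
    results.append(fw.outbound(client, NTP_PORT, server, NTP_PORT))
    results.append(fw.inbound(server, NTP_PORT, client, NTP_PORT))    # reply
    results.append(fw.inbound(stranger, NTP_PORT, client, NTP_PORT))  # unsolicited
    now[0] += 31  # flow goes idle past the timeout
    results.append(fw.inbound(server, NTP_PORT, client, NTP_PORT))    # stale
    return results


if __name__ == "__main__":
    print(demo())
```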
