Ron Ogle wrote:
> I would like to set my ntp client to connect to localhost. The normal
> connection does not allow this.
>

Of course not. Don't use 127.0.0.1 for this. Use a different address.

> My situation is that I use SSH for all of my communications to external
> servers. I need my clients to tunnel their NTP requests over this tunnel.
>

NTP has no problem running over a VPN, it's implemented on a layer below UDP. However, using localhost is a really bad idea.

> I can set up a TCP or UDP tunnel on local port 123 that is actually a
> remote connection to another server's NTP service.
>

Follow the SSH rules for this, but even with SSH you can't use localhost; that would just route you back to yourself. The tunnel needs to have an address other than the ones in use by the system.

> I do this as a security measure. It allows me to allow only outgoing
> connections from a firewall perspective.
>

This makes no sense. Set up the firewall correctly to allow only those packets that you need.

Danny

> Thanks in advance.
> Ron Ogle
