Hi all, I am new to the pool.
I just read an old message (APRIL 2006 ;-) about ntpd
behind a linux firewall.
Here is how I set up my rules:
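for redirport in 123
do
    # Allow NTP (UDP) traffic from the external to the internal interface
    ${IPTABLES} -A FORWARD -i ${EXTIF} -o ${INTIF} -p udp --dport $redirport \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    # Redirect NTP requests sent to the external IP to the internal ntpd
    ${IPTABLES} -A PREROUTING -t nat -p udp -d ${EXTIP} --dport $redirport \
        -j DNAT --to-destination ${NTPIP}:$redirport
done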
This allows access to my internal stratum 3 ntpd server which handles pool
requests.
I also have the firewall running ntpd (stratum 2) and iptables handles
nicely the dispatch of the traffic between the internal stratum 3 ntpd and
the ntpd on the firewall (stratum 2).
This means that ip_conntrack is smart enough to route replies from stratum
1 servers on port udp 123 to my stratum 2 server while forwarding new
requests from the pool to port udp 123 of the stratum 3 server.
I have monitored my ntp pool stratum 3 server from external locations and
it seems to be just as good as the best stratum 1 servers that I
know of. Given all the stories of bad offsets that I read about, does
anybody have comments? (I forgot to mention: it is running on ADSL
also ;-))
External monitoring snapshot example:
+207.236.226.149 192.168.1.38     3 u    2 1024  377   23.541   -0.442   0.167
+192.5.41.209    .USNO.           1 u  974 1024  377   27.140   -0.213   0.117
*18.26.4.105     .CDMA.           1 u  160 1024  377   25.861    0.388   1.436
Does anybody care to monitor my stratum 3 server on 207.236.226.149 with
ntpd noselect? It is just that I find my stratum 3 pool server
performance almost too good to be true ;-)
Louis
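
Added example, not part of the original post: a simplified Python model of why replies to the firewall's own ntpd are not caught by the DNAT rule. The nat table is only consulted for the first packet of a flow, so a packet that matches a tracked outbound query is delivered locally. The addresses, the 30-second timeout and all class and function names are assumptions made for illustration.

```python
# Simplified, constructed model of netfilter conntrack plus the DNAT rule above.
# All addresses are documentation-range placeholders, not hosts from the post.
EXTIP, NTPIP = "203.0.113.10", "10.0.0.5"        # firewall external IP, internal stratum 3
UPSTREAM, CLIENT = "198.51.100.1", "192.0.2.77"  # a stratum 1 server, a pool client
UDP_TIMEOUT = 30  # assumed idle lifetime (seconds) of a UDP conntrack entry


class Firewall:
    def __init__(self):
        # key: tuple an inbound packet would carry -> (destination, expiry time)
        self.flows = {}

    def local_out(self, now, sport, dst, dport):
        """The firewall's own ntpd sends a query; conntrack records the expected reply."""
        self.flows[(dst, dport, EXTIP, sport)] = ("LOCAL", now + UDP_TIMEOUT)

    def inbound(self, now, src, sport, dst, dport):
        """Return where a packet arriving on the external interface is delivered."""
        key = (src, sport, dst, dport)
        target, expires = self.flows.get(key, (None, 0))
        if target is None or expires <= now:
            # No live entry: the packet is NEW, so the nat PREROUTING rule is consulted.
            if dst != EXTIP or dport != 123:
                return "NO_RULE"
            target = NTPIP  # -j DNAT --to-destination ${NTPIP}:123
        # Known flow (or flow just created): refresh it and skip the nat table.
        self.flows[key] = (target, now + UDP_TIMEOUT)
        return target


def demo():
    fw = Firewall()
    fw.local_out(0, 123, UPSTREAM, 123)  # stratum 2 ntpd on the firewall polls upstream
    return [
        fw.inbound(1, UPSTREAM, 123, EXTIP, 123),    # reply to that poll
        fw.inbound(2, CLIENT, 40000, EXTIP, 123),    # new pool request
        fw.inbound(3, CLIENT, 123, EXTIP, 123),      # client also using source port 123
        fw.inbound(500, UPSTREAM, 123, EXTIP, 123),  # same peer, but entry has expired
    ]


if __name__ == "__main__":
    for where in demo():
        print(where)
```

The last case shows the limit of this arrangement: once the tracked entry has idled out, a packet from the same upstream server is treated as a new request and forwarded to the internal server.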