Re: ntpd listening on alias interfaces seems non-trivial

On Mon, 2004-01-19 at 12:08, John Ackermann N8UR wrote:
> --On Monday, January 19, 2004 12:01:59 +1100 Donovan Baarda 
> <abo@minkirri.apana.org.au> wrote:
> > Another possibility is to use NAT to re-map the response on the way
> > out... once again, if anyone gets this working, please post how you did
> > it.
> I don't know if this is quite what you're looking for, but I had no trouble 
> using Linux "ipmasqadm portfwd" to open port 123 for tcp and udp on my 
> firewall.  I'm going from a public IP address to a private namespace and 
> that seems to work (or at least, my friend testing on the outside is able 
> to get time from me).

For those not using ipmasqadm, the following iptables rule run somewhere
appropriate during startup on the machine running ntpd should do the

$ iptables -t nat -A POSTROUTING -p udp -s <eth-ip> --sport ntp \
    -j SNAT --to <alias-ip>

This will only SNAT the outgoing ntp udp packets from the <eth-ip>
address so they are changed to come from the <alias-ip> address.

Donovan Baarda <abo@minkirri.apana.org.au>
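
An added example, not part of the original post: a startup helper that installs the SNAT rule above only once and validates both addresses before they reach iptables. The function names, the DRY_RUN switch and the sample addresses are assumptions made for illustration; `--to-source` is the SNAT target's full option name.

```shell
#!/bin/sh
# Idempotent install of the NTP SNAT rule from a startup script.
# Sample addresses in the usage line are constructed (RFC 5737 range).

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    rest=$1. count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Print the rule specification (everything after the chain name).
# $1 = address ntpd replies from (<eth-ip>), $2 = address to present (<alias-ip>)
snat_rule_spec() {
    is_ipv4 "$1" && is_ipv4 "$2" || return 1
    printf '%s\n' "-p udp -s $1 --sport ntp -j SNAT --to-source $2"
}

# Append the rule to nat/POSTROUTING unless an identical one already exists.
# DRY_RUN=1 prints the command instead of running it (no root needed).
ensure_ntp_snat() {
    spec=$(snat_rule_spec "$1" "$2") || { echo "bad address" >&2; return 2; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables -t nat -A POSTROUTING $spec"
        return 0
    fi
    # -C exits 0 when the rule is present, so reruns do not stack duplicates.
    # $spec is left unquoted on purpose: it holds validated, space-separated args.
    iptables -t nat -C POSTROUTING $spec 2>/dev/null ||
        iptables -t nat -A POSTROUTING $spec
}

# Usage (as root, from a startup script):
#   ensure_ntp_snat 192.0.2.10 192.0.2.20
```

After it runs, `iptables -t nat -L POSTROUTING -n -v` shows the rule and its packet counter, which should increase as outside clients query the alias address.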

