Re: ntpd listening on alias interfaces seems non-trivial
On Mon, 2004-01-19 at 12:08, John Ackermann N8UR wrote:
> --On Monday, January 19, 2004 12:01:59 +1100 Donovan Baarda
> <abo@minkirri.apana.org.au> wrote:
>
> > Another possibility is to use NAT to re-map the response on the way
> > out... once again, if anyone gets this working, please post how you did
> > it.
>
> I don't know if this is quite what you're looking for, but I had no trouble
> using Linux "ipmasqadm portfwd" to open port 123 for tcp and udp on my
> firewall. I'm going from a public IP address to a private namespace and
> that seems to work (or at least, my friend testing on the outside is able
> to get time from me).

For those not using ipmasqadm, the following iptables rule run somewhere
appropriate during startup on the machine running ntpd should do the
trick:

$ iptables -t nat -A POSTROUTING -p udp -s <eth-ip> --sport ntp \
    -j SNAT --to <alias-ip>

This will only SNAT the outgoing ntp udp packets from the <eth-ip>
address so they are changed to come from the <alias-ip> address.

--
Donovan Baarda <abo@minkirri.apana.org.au>
http://minkirri.apana.org.au/~abo/