next »

[BigTy]

Looks like I have one more small issue. Any PC Windows Vista, XP, Mac will not do a time sync is there anything I can do to resolve this small issue?

I do want to thank you guys for all the help with this venture.

[hoba]

Where do the clients try to sync to? The pfSense or an external timeserver? If it's the pfSense, did you configure the timeserver for your clients correctly?

[BigTy]

No I tried all external based servers like the two defaults in XP and Vista and time.apple.com on the MAC.

[hoba]

I don't see this problem here. Do you use a restrictive ruleset at you LAN interface or are you using the default lan to any allow rule?

[BigTy]

Defualt allow all.

[cmb]

Try to sync a machine and check your firewall log. See anything relevant?

Also might want to add a pass rule for UDP port 123, enable logging on it, and put it above your default rule. That way all NTP traffic will be logged and you can see if it's getting permitted.

[BigTy]

Good news that did resolve the issue. Any reason as to why that wouldnt work with the default setting?

[hoba]

What cmb suggested was only needed for debugging. It should work with the default settings and it actually does for me.

[cmb]

Yeah what I suggested wouldn't fix the issue, it would just tell you whether or not the NTP traffic was passing the firewall. If your LAN rule was allow all, it wouldn't have changed anything with your rules.

[BigTy]

more status on this issue as of today it is no longer working and this is with the other rule in place.

Here are the logs

Apr 23 18:04:39 pf: 10. 726712 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 207.46.130.100.123: NTPv3, symmetric active, length 48
Apr 23 18:00:32 pf: 156. 377540 rule 38/0(match): pass in on xl0: 192.X.X.123 > 192.43.244.18.123: NTPv3, symmetric active, length 48
Apr 23 17:57:56 pf: 23. 546766 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 192.43.244.18.123: NTPv3, symmetric active, length 48
Apr 23 17:57:32 pf: 86. 472199 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 207.46.130.100.123: NTPv3, symmetric active, length 48

Windows reporting time period exspired

Here are the rules

UDP  *  *  *  123 (NTP)  *  NTP Rule
* LAN net  *  *  *  *  Default LAN -> any


*Update*

Removed the first rule and it looks to have returned again. I think I may have found something not 100% sure but it does fail on the first appemt but does complete on the second third and forth attempt.