
Author Topic: Time sync on all PCs  (Read 2192 times)


Offline BigTy

  • Jr. Member
  • Posts: 33
Time sync on all PCs
« on: April 15, 2007, 08:49:00 am »
Looks like I have one more small issue. Any PC (Windows Vista, XP, Mac) will not do a time sync. Is there anything I can do to resolve this small issue?

I do want to thank you guys for all the help with this venture.

Offline hoba

  • Administrator
  • Hero Member
  • Posts: 5837
  • What was the problem to this solution again?
Re: Time sync on all PCs
« Reply #1 on: April 15, 2007, 01:58:44 pm »
Where do the clients try to sync to? The pfSense or an external timeserver? If it's the pfSense, did you configure the timeserver for your clients correctly?

Offline BigTy

Re: Time sync on all PCs
« Reply #2 on: April 15, 2007, 03:30:44 pm »
No, I tried all external-based servers, like the two defaults in XP and Vista and time.apple.com on the Mac.

Offline hoba

Re: Time sync on all PCs
« Reply #3 on: April 15, 2007, 05:25:32 pm »
I don't see this problem here. Do you use a restrictive ruleset at your LAN interface or are you using the default LAN to any allow rule?

Offline BigTy

Re: Time sync on all PCs
« Reply #4 on: April 15, 2007, 07:10:29 pm »
Default allow all.

Offline cmb

  • Administrator
  • Hero Member
  • Posts: 6288
  • Chris Buechler
Re: Time sync on all PCs
« Reply #5 on: April 17, 2007, 07:34:39 pm »
Try to sync a machine and check your firewall log. See anything relevant?

Also might want to add a pass rule for UDP port 123, enable logging on it, and put it above your default rule. That way all NTP traffic will be logged and you can see if it's getting permitted.

Offline BigTy

Re: Time sync on all PCs
« Reply #6 on: April 20, 2007, 05:30:02 pm »
Good news, that did resolve the issue. Any reason as to why that wouldn't work with the default setting?

Offline hoba

Re: Time sync on all PCs
« Reply #7 on: April 22, 2007, 09:29:50 am »
What cmb suggested was only needed for debugging. It should work with the default settings and it actually does for me.

Offline cmb

Re: Time sync on all PCs
« Reply #8 on: April 22, 2007, 08:42:19 pm »
Yeah, what I suggested wouldn't fix the issue, it would just tell you whether or not the NTP traffic was passing the firewall. If your LAN rule was allow all, it wouldn't have changed anything with your rules.

Offline BigTy

Re: Time sync on all PCs
« Reply #9 on: April 23, 2007, 05:07:51 pm »
More status on this issue: as of today it is no longer working, and this is with the other rule in place.

Here are the logs

Apr 23 18:04:39 pf: 10. 726712 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 207.46.130.100.123: NTPv3, symmetric active, length 48
Apr 23 18:00:32 pf: 156. 377540 rule 38/0(match): pass in on xl0: 192.X.X.123 > 192.43.244.18.123: NTPv3, symmetric active, length 48
Apr 23 17:57:56 pf: 23. 546766 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 192.43.244.18.123: NTPv3, symmetric active, length 48
Apr 23 17:57:32 pf: 86. 472199 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 207.46.130.100.123: NTPv3, symmetric active, length 48

Windows reporting time period expired

Here are the rules

UDP  *  *  *  123 (NTP)  *  NTP Rule
* LAN net  *  *  *  *  Default LAN -> any


*Update*

Removed the first rule and it looks to have returned again. I think I may have found something, not 100% sure, but it does fail on the first attempt but does complete on the second, third and fourth attempt.
« Last Edit: April 23, 2007, 05:13:11 pm by BigTy »
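
The check cmb describes (log NTP on UDP port 123, then read the firewall log) can be run over the lines BigTy posted. The following is an added example, not part of the thread: a Python sketch that parses those pf log lines and reports whether any NTP packet was blocked. The function names and the final `block` line are constructed for illustration.

```python
import re
from collections import Counter

# pf log line as posted in the thread: timestamp, rule number, action,
# direction, interface, src.port > dst.port, NTP version, mode, length.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+pf:.*?"
    r"rule\s+(?P<rule>\d+)/\d+\(match\):\s+(?P<action>pass|block)\s+"
    r"(?P<dir>in|out)\s+on\s+(?P<iface>\w+):\s+"
    r"(?P<src>\S+)\.(?P<sport>\d+)\s+>\s+(?P<dst>\S+)\.(?P<dport>\d+):\s+"
    r"NTPv(?P<ver>\d+),\s*(?P<mode>[^,]+),\s*length\s+(?P<length>\d+)"
)

# The four lines from the post (addresses redacted by the poster).
PAGE_LINES = [
    "Apr 23 18:04:39 pf: 10. 726712 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 207.46.130.100.123: NTPv3, symmetric active, length 48",
    "Apr 23 18:00:32 pf: 156. 377540 rule 38/0(match): pass in on xl0: 192.X.X.123 > 192.43.244.18.123: NTPv3, symmetric active, length 48",
    "Apr 23 17:57:56 pf: 23. 546766 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 192.43.244.18.123: NTPv3, symmetric active, length 48",
    "Apr 23 17:57:32 pf: 86. 472199 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 207.46.130.100.123: NTPv3, symmetric active, length 48",
]
# Constructed line (not from the thread) showing what a dropped request looks like.
CONSTRUCTED_BLOCK = (
    "Apr 23 18:06:01 pf: 5. 000000 rule 40/0(match): block in on xl0: "
    "192.X.X.X.123 > 192.43.244.18.123: NTPv3, symmetric active, length 48"
)

def parse(lines):
    """Return one dict per NTP log line; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, lines) if m]

def summarize(events):
    """Count packets per (action, NTP server) and collect blocked packets."""
    ntp = [e for e in events if e["dport"] == "123"]
    counts = Counter((e["action"], e["dst"]) for e in ntp)
    blocked = [e for e in ntp if e["action"] == "block"]
    return counts, blocked

if __name__ == "__main__":
    counts, blocked = summarize(parse(PAGE_LINES + [CONSTRUCTED_BLOCK]))
    for (action, dst), n in sorted(counts.items()):
        print(f"{action:5} -> {dst:16} {n} packet(s)")
    for e in blocked:
        print(f"BLOCKED by rule {e['rule']} at {e['ts']}: {e['src']} -> {e['dst']}")
```

On the four posted lines every packet is a `pass in` on `xl0`, which matches cmb's point that the logging rule only shows whether NTP traffic is passing the firewall.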