pfSense Support Subscription

Author Topic: PFSense as public NTP server  (Read 2618 times)

0 Members and 1 Guest are viewing this topic.

Offline krisken

  • Full Member
  • ***
  • Posts: 155
  • Karma: +0/-0
    • View Profile
PFSense as public NTP server
« on: April 12, 2012, 11:59:07 am »
Dear,

I know PFSense has a NTP server on board for internal use.  But i want to set my pfsense server as a part of the NTP Pool project.  Do i just have to open port TCP 123 or do i have to do more?

Kris

Offline joebobfrank

  • Jr. Member
  • **
  • Posts: 80
  • Karma: +0/-0
    • View Profile
Re: PFSense as public NTP server
« Reply #1 on: April 15, 2012, 05:15:58 pm »
I believe that you will have to open up port 123 on the WAN and also enable OpenNTP to run on the WAN.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 2893
  • Karma: +0/-0
    • View Profile
Re: PFSense as public NTP server
« Reply #2 on: April 15, 2012, 09:29:43 pm »
openntp not really a good choice as ntp server imho.  Not good way to monitor what its doing with ntpq or ntpdc, etc. like you can with the full ntp client.  Its ok for keep some boxes time somewhat correct.

If you want to join the pool, just run full ntp on your pfsense box.  Simple enough to do.  This is what I did before I moved to virtual, now I use ntp on the actual host hardware as the ntp server vs the pfsense box.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Have I helped you, want to say thanks?  Donate to pfsense the cost of a beer http://pfsense.org/donate.html

Offline krisken

  • Full Member
  • ***
  • Posts: 155
  • Karma: +0/-0
    • View Profile
Re: PFSense as public NTP server
« Reply #3 on: April 16, 2012, 10:04:10 am »
I believe that you will have to open up port 123 on the WAN and also enable OpenNTP to run on the WAN.

I did that, but when i want to add the IP to the pool project, i get the error "Your servers hostname or IP address:Didn't get an NTP response from my.IP.address".


Offline stephenw10

  • Hero Member
  • *****
  • Posts: 8177
  • Karma: +12/-0
    • View Profile
Re: PFSense as public NTP server
« Reply #4 on: April 16, 2012, 11:38:27 am »
Is your WAN address really 10.0.0.1?
Is weepee01 your WAN interface?

Steve

Offline krisken

  • Full Member
  • ***
  • Posts: 155
  • Karma: +0/-0
    • View Profile
Re: PFSense as public NTP server
« Reply #5 on: April 16, 2012, 12:20:06 pm »
Is your WAN address really 10.0.0.1?
Is weepee01 your WAN interface?

Steve
10.0.0.1 is my PFSense box (internal IP)
WAN interfaces are WeePee01 and EDPnet01 (dual wan setup)


Offline stephenw10

  • Hero Member
  • *****
  • Posts: 8177
  • Karma: +12/-0
    • View Profile
Re: PFSense as public NTP server
« Reply #6 on: April 16, 2012, 05:47:22 pm »
You are port forwarding incoming ntp traffic to the pfSense LAN interface but you are running ntpd on WAN and not LAN.
Either enable ntpd on LAN as well (hold ctrl to select more interfaces) or remove the port forward and just set the firewall rule to the WAN interface.

Similarly there is no need to port forward to the LAN interface for webGUI access. Just open a firewall hole to WAN.

Steve

Offline krisken

  • Full Member
  • ***
  • Posts: 155
  • Karma: +0/-0
    • View Profile
Re: PFSense as public NTP server
« Reply #7 on: April 17, 2012, 01:42:26 am »
Quite a stupid mistake!  But indeed, it's working now!
Thanks a lot!