This is a rehash of another question, now that I understand things a bit better.
I have the following network set up:
NTP
10.21.3.169
| \______________
| \
10.21.3.160 (eth1) |
L1 |
10.0.0.67 (eth0) |
| |
| |
10.0.0.65 (pcn1) |
OpenBSD |
10.0.0.51 (pcn0) |
| |
| |
10.0.0.49 (eth1) 10.21.3.159 (eth0)
L2
Where L1 and L2 are Linux boxes.
I would like the OpenBSD box to be able to get the time from the NTP server. I have been told that to achieve this I need to make some changes to the OpenBSD box's /etc/pf.conf file.
My initial attempt is as follows. I know I will also need to make some changes to iptables on the Linux box, but for the moment tcpdump udp on the Linux box doesn't show any traffic coming through from the OpenBSD box, I'm assuming that the NTP client's request isn't being properly routed to the Linux box.
rdr on pcn1 proto udp from any to any port 123 -> 10.0.0.67
nat on pcn0 proto udp from any to 10.0.0.67 port 123 -> pcn1
I am updating the OpenBSD box's configuration with the following command:
pfctl -F all ; pfctl -f /etc/pf.conf
And I am doing the ntp update with the following command to see what happens:
ntpd -d -s
I am using 'traditional' ntp, not OpenNTP.
What do I need to change in pf.conf to see UDP packets arriving on L1? Just to reiterate, the PF configuration is on the same machine that I will be running the ntpd client on.
Best Answer
Ok, I've got it working. First of all, the pf configuration is:
But also, I had configured my ntp client to connect to
10.21.3.169, and in fact it should be connecting to10.0.0.67.I now need to configure the machine listening at 10.0.0.67 to forward NTP requests on to 10.21.3.169, but that's a subject for another question! :)