Open for egress traffic to NTP pool?

furom

This post is deleted!

furom

@furom Well, the outbound NAT rule did not help in my case, though missing to begin with. Any other ideas?

bingo600

@furom
Kind of hard to help if you delete your posts.

NTP is UDP/123 , and since it's a pool , you would. prob have to permit "to any"

What is talking to the NTP Pool ?
pfSense it self or clients ?

/Bingo

furom

@bingo600 Hi, thanks for replying. Not sure what happened, I think it may have been flagged...

I have a redirect from my local LANs to pfSense, where the NTP server is running, and yes, that should talk to the pool

bingo600

@furom
Is pfSense NTP Syncing to the pool fine ??

Status --> NTP

Note the "Pool" it self will always show as "unreachable"
But members of the pool should be reachable.

Stratum below 16 is "valid" , lowest best
Reach = 377 ==> Best connectivity

If you see an "Active peer" your pfSense NTP is "sync'ed" , and the challenge lies within your NAT forward rule.

Do you see any block/deny's in the pfSense log ?

If any of this usable ?
https://forum.netgate.com/topic/156236/redirect-ntp-to-pfsense-not-working-for-me/10

/Bingo

furom

@bingo600 No, it does not sync with the pool, this is what it looks like for me;

I will check the link you posted, thanks

furom

@furom Still not working, but tried adding a floating rule (disabled in the pic as it didn't work);

bingo600

@furom
Unless you have done something "Non standard" on the WAN interface , you do not need to allow anything on the Wan interface , in order to sync to NTP.

Is your pfSense conected directly to the internet, or via an ISP router ?

Could it be your ISP, that is blocking NTP ?
A bit unusual i'd say if they do but ......

How does your Settings --> NTP look ?

Remember ...
Selecting no interfaces here , will make NTP listen on all IF's , prob what you want.

You didn't get creative , and make some ACL's did you ?

/Bingo

furom

@bingo600 said in Open for egress traffic to NTP pool?:

Unless you have done something "Non standard" on the WAN interface , you do not need to allow anything on the Wan interface , in order to sync to NTP

Thanks! Looking in settings, turned out I somhow only had chosen localhost... Adding the lans to the mix resulted in an active peer! :)