Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Trying to figure out if NTP redirection is working

    Scheduled Pinned Locked Moved NAT
    3 Posts 2 Posters 418 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pfguy2018
      last edited by

      Following the instructions at https://linuxincluded.com/ntp-server-ip-blacklisted-nat-redirection-ftw/ , I set up NTP redirection for one of my vlans. The pfSense NTP server is set up on that interface, and I even specified the address under the NTP section of the DHCP settings for that vlan.

      However, when I complete a packet capture for port 123, I see almost constant attempts by several devices (one device in particular) to synchronize their times (see below). I can't figure out whether the local NTP server is actually providing the requested time data to the local client or not. Would appreciate someone more knowledgable having a look at this traffic capture and telling me whether the NTP redirect is working or not?

      Thanks!

      12:01:07.197564 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 18831, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.58821 > 216.55.208.22.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080162.068397959 (2020/02/07 11:02:42)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080162.068397959 (2020/02/07 11:02:42)
12:01:07.197634 00:08:a2:0d:43:32 > 44:73:d6:21:ec:94, ethertype IPv4 (0x0800), length 90: (tos 0xb8, ttl 64, id 17017, offset 0, flags [none], proto UDP (17), length 76)
    216.55.208.22.123 > 192.168.112.139.58821: [bad udp cksum 0xd9cb -> 0x7d79!] NTPv4, length 48
	Server, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 3790080162.068202847 (2020/02/07 11:02:42)
	  Receive Timestamp:    3790080162.068202847 (2020/02/07 11:02:42)
	  Transmit Timestamp:   3790080162.068202847 (2020/02/07 11:02:42)
	    Originator - Receive Timestamp:  -0.000000000
	    Originator - Transmit Timestamp: -0.000000000
12:01:09.192305 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 32099, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.50598 > 149.56.121.17.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080164.068094115 (2020/02/07 11:02:44)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080164.068094115 (2020/02/07 11:02:44)
12:01:09.192976 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 32100, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.50598 > 149.56.121.17.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080164.068300170 (2020/02/07 11:02:44)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080164.068300170 (2020/02/07 11:02:44)
12:01:09.193933 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 32101, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.50598 > 149.56.121.17.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080164.068522524 (2020/02/07 11:02:44)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080164.068522524 (2020/02/07 11:02:44)
12:01:09.194683 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 26669, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.52031 > 205.206.70.7.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080164.068671070 (2020/02/07 11:02:44)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080164.068671070 (2020/02/07 11:02:44)
12:01:11.202253 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 26809, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.52031 > 205.206.70.7.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080166.068124849 (2020/02/07 11:02:46)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080166.068124849 (2020/02/07 11:02:46)
12:01:11.202281 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 26810, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.52031 > 205.206.70.7.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080166.068253604 (2020/02/07 11:02:46)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080166.068253604 (2020/02/07 11:02:46)
12:01:11.256060 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 26811, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.52031 > 205.206.70.7.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080166.068353721 (2020/02/07 11:02:46)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080166.068353721 (2020/02/07 11:02:46)
12:01:11.264399 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 14050, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.57494 > 162.159.200.123.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080166.068488530 (2020/02/07 11:02:46)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080166.068488530 (2020/02/07 11:02:46)
12:01:13.200424 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 14150, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.57494 > 162.159.200.123.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080168.068655237 (2020/02/07 11:02:48)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080168.068655237 (2020/02/07 11:02:48)
12:01:13.200450 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 14151, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.57494 > 162.159.200.123.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080168.069838715 (2020/02/07 11:02:48)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080168.069838715 (2020/02/07 11:02:48)
12:01:13.201868 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 14152, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.57494 > 162.159.200.123.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080168.070042442 (2020/02/07 11:02:48)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080168.070042442 (2020/02/07 11:02:48)
      1 Reply Last reply Reply Quote 0
      • P
        pfguy2018
        last edited by

        Anyone?

        1 Reply Last reply Reply Quote 0
        • V
          viragomann
          last edited by

          You cannot see that in a packet capture, at least not on the internal interface.
          You can do a capture on WAN while updating the system time on the client. If the packets do not appear there the NAT will work.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.