1. Home
  2. pfSense® Software
  3. NAT
  4. Trying to figure out if NTP redirection is working

Trying to figure out if NTP redirection is working

  • P

    Following the instructions at https://linuxincluded.com/ntp-server-ip-blacklisted-nat-redirection-ftw/ , I set up NTP redirection for one of my vlans. The pfSense NTP server is set up on that interface, and I even specified the address under the NTP section of the DHCP settings for that vlan.

    However, when I complete a packet capture for port 123, I see almost constant attempts by several devices (one device in particular) to synchronize their times (see below). I can't figure out whether the local NTP server is actually providing the requested time data to the local client or not. Would appreciate someone more knowledgable having a look at this traffic capture and telling me whether the NTP redirect is working or not?

    Thanks!

    12:01:07.197564 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 18831, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.58821 > 216.55.208.22.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080162.068397959 (2020/02/07 11:02:42)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080162.068397959 (2020/02/07 11:02:42)
12:01:07.197634 00:08:a2:0d:43:32 > 44:73:d6:21:ec:94, ethertype IPv4 (0x0800), length 90: (tos 0xb8, ttl 64, id 17017, offset 0, flags [none], proto UDP (17), length 76)
    216.55.208.22.123 > 192.168.112.139.58821: [bad udp cksum 0xd9cb -> 0x7d79!] NTPv4, length 48
	Server, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 3790080162.068202847 (2020/02/07 11:02:42)
	  Receive Timestamp:    3790080162.068202847 (2020/02/07 11:02:42)
	  Transmit Timestamp:   3790080162.068202847 (2020/02/07 11:02:42)
	    Originator - Receive Timestamp:  -0.000000000
	    Originator - Transmit Timestamp: -0.000000000
12:01:09.192305 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 32099, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.50598 > 149.56.121.17.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080164.068094115 (2020/02/07 11:02:44)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080164.068094115 (2020/02/07 11:02:44)
12:01:09.192976 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 32100, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.50598 > 149.56.121.17.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080164.068300170 (2020/02/07 11:02:44)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080164.068300170 (2020/02/07 11:02:44)
12:01:09.193933 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 32101, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.50598 > 149.56.121.17.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080164.068522524 (2020/02/07 11:02:44)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080164.068522524 (2020/02/07 11:02:44)
12:01:09.194683 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 26669, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.52031 > 205.206.70.7.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080164.068671070 (2020/02/07 11:02:44)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080164.068671070 (2020/02/07 11:02:44)
12:01:11.202253 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 26809, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.52031 > 205.206.70.7.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080166.068124849 (2020/02/07 11:02:46)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080166.068124849 (2020/02/07 11:02:46)
12:01:11.202281 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 26810, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.52031 > 205.206.70.7.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080166.068253604 (2020/02/07 11:02:46)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080166.068253604 (2020/02/07 11:02:46)
12:01:11.256060 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 26811, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.52031 > 205.206.70.7.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080166.068353721 (2020/02/07 11:02:46)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080166.068353721 (2020/02/07 11:02:46)
12:01:11.264399 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 14050, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.57494 > 162.159.200.123.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080166.068488530 (2020/02/07 11:02:46)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080166.068488530 (2020/02/07 11:02:46)
12:01:13.200424 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 14150, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.57494 > 162.159.200.123.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080168.068655237 (2020/02/07 11:02:48)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080168.068655237 (2020/02/07 11:02:48)
12:01:13.200450 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 14151, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.57494 > 162.159.200.123.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080168.069838715 (2020/02/07 11:02:48)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080168.069838715 (2020/02/07 11:02:48)
12:01:13.201868 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 14152, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.112.139.57494 > 162.159.200.123.123: [udp sum ok] NTPv4, length 48
	Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3790080168.070042442 (2020/02/07 11:02:48)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3790080168.070042442 (2020/02/07 11:02:48)
    0
  • P

    Anyone?

    0
  • V

    You cannot see that in a packet capture, at least not on the internal interface.
    You can do a capture on WAN while updating the system time on the client. If the packets do not appear there the NAT will work.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy