NTPd which interfaces
-
Hello,
What exactly does “bind to” mean when selecting the interfaces for the pfSense NTPd to use? I think I want it to listen on the WAN in order to get the time from the pool servers, but I don’t want it to serve the time to anything on the WAN. I want it to serve the time to all my local interfaces.
Does that mean I select
- WAN only, or
- all interfaces except the WAN, or
- all interfaces
I have seen all three possibilities recommended :)
BRgds/Alan
-
Where are you seeing that? I don't see any mention of ports or "bind to". You point the server to whatever sources and then clients on the LAN can connect to pfSense.
-
It's mentioned on the linked help page from the config:
Interface: Select the interface(s) to use for NTP. The NTP daemon binds to all interfaces by default to receive replies properly. This may be minimized by selecting at least one interface to bind, but that interface will also be used to source the NTP queries sent out to remote servers, not only to serve clients. Deselecting all interfaces is the equivalent of selecting all
Steve
-
@stephenw10, thanks.
Yes, I read the docs and the system is working fine. I guess I am trying to figure out what the best practice is.
I have 9 VLANs all showing as an "Interface", plus WAN and localhost. It looks to me like I should select everything that I want to be served with the time, including localhost. However, it isn't clear what to do with the WAN - the docs appear to suggest that any interface could be used to contact the nominated time servers, in which case no need to select WAN??
BRgds/Alan
-
The default setting, where it uses all interfaces, is fine. Incoming traffic is blocked on WAN so nothing external can query it.
Yes, if you don't select WAN, ntpd cannot source from it to reach external servers. But that's fine, it can just use another interface and be NAT'd. Traffic is still routed out of the WAN.
Steve
-
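An added example, not part of any post in this thread: one way to confirm which addresses ntpd actually bound after changing the interface selection is to read the listening UDP 123 sockets (for instance from `sockstat -4 -l` in the firewall's shell) and sort them into wildcard, WAN and local binds. The sample output, the addresses and the function names are constructed for illustration; a WAN bind only shows that a socket exists, and whether it can be queried still depends on the WAN firewall rules discussed above.

```python
import ipaddress

# Constructed sample in the layout of FreeBSD `sockstat -4 -l` output.
# 203.0.113.10 stands in for the WAN address; all values are made up.
SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     ntpd       41822 20 udp4   *:123                 *:*
root     ntpd       41822 21 udp4   203.0.113.10:123      *:*
root     ntpd       41822 22 udp4   192.168.10.1:123      *:*
root     ntpd       41822 23 udp4   192.168.20.1:123      *:*
root     ntpd       41822 24 udp4   127.0.0.1:123         *:*
root     unbound    5120  5  udp4   192.168.10.1:53       *:*
"""

def ntpd_binds(sockstat_text):
    """Return the local addresses on which ntpd holds UDP port 123 sockets."""
    binds = []
    for line in sockstat_text.splitlines():
        fields = line.split()
        # Skip the header, other daemons and non-UDP sockets.
        if len(fields) < 6 or fields[1] != "ntpd" or not fields[4].startswith("udp"):
            continue
        addr, _, port = fields[5].rpartition(":")
        if port == "123":
            binds.append(addr)
    return binds

def classify(binds, wan_addr):
    """Split binds into wildcard, WAN and other (LAN/VLAN/localhost)."""
    wan = ipaddress.ip_address(wan_addr)
    result = {"wildcard": False, "wan": False, "other": []}
    for bind in binds:
        if bind == "*":
            result["wildcard"] = True      # socket on all addresses
        elif ipaddress.ip_address(bind) == wan:
            result["wan"] = True           # ntpd can source queries from WAN
        else:
            result["other"].append(bind)   # addresses serving local clients
    return result

if __name__ == "__main__":
    print(classify(ntpd_binds(SAMPLE), "203.0.113.10"))
```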