Open for egress traffic to NTP pool?
-
This post is deleted!
-
@furom Well, the outbound NAT rule did not help in my case, though missing to begin with. Any other ideas?
-
@furom
Kind of hard to help if you delete your posts.
NTP is UDP/123, and since it's a pool, you would prob have to permit "to any".
What is talking to the NTP Pool?
pfSense itself or clients?
/Bingo
-
@bingo600 Hi, thanks for replying. Not sure what happened, I think it may have been flagged...
I have a redirect from my local LANs to pfSense, where the NTP server is running, and yes, that should talk to the pool
-
@furom
Is pfSense NTP syncing to the pool fine?
Status --> NTP
Note the "Pool" itself will always show as "unreachable".
But members of the pool should be reachable.
Stratum below 16 is "valid", lowest best.
Reach = 377 ==> Best connectivity
If you see an "Active peer" your pfSense NTP is "sync'ed", and the challenge lies within your NAT forward rule.
Do you see any block/deny's in the pfSense log?
Is any of this usable?
https://forum.netgate.com/topic/156236/redirect-ntp-to-pfsense-not-working-for-me/10
/Bingo
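The status fields described in the post above (stratum, reach, active peer), decoded from a peer table, as an added example that is not part of the original thread. It assumes the status page mirrors the `ntpq -pn` peer layout; the sample rows, addresses, function names and verdict strings are constructed for illustration.

```python
# Constructed sample in `ntpq -pn` peer-table layout (documentation addresses).
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.pool.example  .POOL.          16 p    -   64    0    0.000    0.000   0.000
*192.0.2.10      203.0.113.5      2 u   33   64  377   12.345    0.512   0.204
+198.51.100.7    203.0.113.9      3 u   40   64  177   20.100   -1.020   0.850
 192.0.2.99      .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

def parse_peers(text):
    """Return one dict per peer row; the first two lines are the header."""
    peers = []
    for line in text.splitlines()[2:]:
        if not line.strip():
            continue
        f = line[1:].split()            # column 0 is the one-character tally code
        reach = int(f[6], 8)            # reach is an 8-bit register printed in octal
        peers.append({
            "tally": line[0],           # '*' marks the active (system) peer
            "remote": f[0],
            "is_pool": f[1] == ".POOL.",  # the pool placeholder row, never reachable
            "stratum": int(f[2]),       # 16 means unsynchronised
            "reach": reach,
            "answered": bin(reach).count("1"),  # replies among the last 8 polls
        })
    return peers

def diagnose(peers):
    """Classify the table, ignoring the pool placeholder row."""
    members = [p for p in peers if not p["is_pool"]]
    if any(p["tally"] == "*" for p in members):
        return "synced"                 # an active peer exists
    if any(p["reach"] and p["stratum"] < 16 for p in members):
        return "reachable-not-selected" # replies arrive, no peer chosen yet
    # No member ever answered: check the egress path and the NTP interface/ACL settings.
    return "no-reachable-peers"

if __name__ == "__main__":
    table = parse_peers(SAMPLE)
    for p in table:
        print(p["remote"], "stratum", p["stratum"], "answered", p["answered"], "of 8")
    print(diagnose(table))
```

Reach 377 is octal for eight set bits, meaning all of the last eight polls were answered; 177 means the oldest of the eight was missed.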
-
@bingo600 No, it does not sync with the pool, this is what it looks like for me;
I will check the link you posted, thanks
-
@furom Still not working, but tried adding a floating rule (disabled in the pic as it didn't work);
-
@furom
Unless you have done something "Non standard" on the WAN interface, you do not need to allow anything on the WAN interface in order to sync to NTP.
Is your pfSense connected directly to the internet, or via an ISP router?
Could it be your ISP that is blocking NTP?
A bit unusual I'd say if they do but ......
How does your Settings --> NTP look?
Remember ...
Selecting no interfaces here will make NTP listen on all IF's, prob what you want.
You didn't get creative and make some ACL's, did you?
/Bingo
-
@bingo600 said in Open for egress traffic to NTP pool?:
Unless you have done something "Non standard" on the WAN interface, you do not need to allow anything on the WAN interface in order to sync to NTP
Thanks! Looking in settings, turned out I somehow only had chosen localhost... Adding the LANs to the mix resulted in an active peer! :)