    Time sync on all PCs

    • B
      BigTy
      last edited by

      Looks like I have one more small issue. Any PC (Windows Vista, XP, Mac) will not do a time sync. Is there anything I can do to resolve this small issue?

      I do want to thank you guys for all the help with this venture.

      • H
        hoba
        last edited by

        Where do the clients try to sync to? The pfSense or an external timeserver? If it's the pfSense, did you configure the timeserver for your clients correctly?

        • B
          BigTy
          last edited by

          No, I tried all external-based servers, like the two defaults in XP and Vista and time.apple.com on the Mac.

          • H
            hoba
            last edited by

            I don't see this problem here. Do you use a restrictive ruleset at your LAN interface or are you using the default LAN to any allow rule?

            • B
              BigTy
              last edited by

              Default allow all.

              • C
                cmb
                last edited by

                Try to sync a machine and check your firewall log. See anything relevant?

                Also might want to add a pass rule for UDP port 123, enable logging on it, and put it above your default rule. That way all NTP traffic will be logged and you can see if it's getting permitted.

                • B
                  BigTy
                  last edited by

                  Good news, that did resolve the issue. Any reason as to why that wouldn't work with the default setting?

                  • H
                    hoba
                    last edited by

                    What cmb suggested was only needed for debugging. It should work with the default settings and it actually does for me.

                    • C
                      cmb
                      last edited by

                      Yeah, what I suggested wouldn't fix the issue, it would just tell you whether or not the NTP traffic was passing the firewall. If your LAN rule was allow all, it wouldn't have changed anything with your rules.

                      • B
                        BigTy
                        last edited by

                        More status on this issue: as of today it is no longer working, and this is with the other rule in place.

                        Here are the logs

                        Apr 23 18:04:39 pf: 10. 726712 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 207.46.130.100.123: NTPv3, symmetric active, length 48
                        Apr 23 18:00:32 pf: 156. 377540 rule 38/0(match): pass in on xl0: 192.X.X.123 > 192.43.244.18.123: NTPv3, symmetric active, length 48
                        Apr 23 17:57:56 pf: 23. 546766 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 192.43.244.18.123: NTPv3, symmetric active, length 48
                        Apr 23 17:57:32 pf: 86. 472199 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 207.46.130.100.123: NTPv3, symmetric active, length 48

                        Windows reporting time period expired

                        Here are the rules

                        UDP  *  *  *  123 (NTP)  *  NTP Rule

                        *  LAN net  *  *  *  *  Default LAN -> any

                        Update

                        Removed the first rule and it looks to have returned again. I think I may have found something, not 100% sure, but it does fail on the first attempt but does complete on the second, third and fourth attempt.

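Added example (not part of the original thread, and not pfSense code): a small Python parser for the pf log lines posted above that tallies NTP entries per action, direction, interface and destination, which is the check cmb describes for seeing whether NTP traffic is being permitted. The function names and the `CONSTRUCTED_BLOCK` line are assumptions made for this example.

```python
import re
from collections import Counter

# Matches the tcpdump-style pf filter log lines shown in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+) pf: .*?rule (?P<rule>\d+)/\d+\(match\): "
    r"(?P<action>pass|block) (?P<dir>in|out) on (?P<iface>\S+): "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): (?P<info>.*)$"
)

# Log lines copied from the last post (source address redacted by the poster).
POSTED = """\
Apr 23 18:04:39 pf: 10. 726712 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 207.46.130.100.123: NTPv3, symmetric active, length 48
Apr 23 18:00:32 pf: 156. 377540 rule 38/0(match): pass in on xl0: 192.X.X.123 > 192.43.244.18.123: NTPv3, symmetric active, length 48
Apr 23 17:57:56 pf: 23. 546766 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 192.43.244.18.123: NTPv3, symmetric active, length 48
Apr 23 17:57:32 pf: 86. 472199 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 207.46.130.100.123: NTPv3, symmetric active, length 48
""".splitlines()

# Constructed line (not from the thread): what a blocked NTP request would look like.
CONSTRUCTED_BLOCK = (
    "Apr 23 18:05:01 pf: 1. 000001 rule 2/0(match): block in on xl0: "
    "192.0.2.10.123 > 192.43.244.18.123: NTPv3, symmetric active, length 48"
)

def parse(line):
    """Return the fields of one pf log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def ntp_summary(lines):
    """Count entries to UDP port 123 per (action, direction, interface, destination)."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["dport"] == "123":
            counts[(rec["action"], rec["dir"], rec["iface"], rec["dst"])] += 1
    return counts

def blocked_servers(lines):
    """Destinations with at least one blocked NTP request."""
    return sorted({key[3] for key in ntp_summary(lines) if key[0] == "block"})

if __name__ == "__main__":
    for key, n in sorted(ntp_summary(POSTED).items()):
        print(n, *key)
    print("blocked:", blocked_servers(POSTED) or "none")
```

Every posted entry is a `pass in` on xl0, so the log shows the requests were permitted by rule 38; it does not show whether a reply came back.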