Choose interface for listening
-
Hi,
I'm running pfsense 2.1.3 and I'm wondering how to configure on which interface ntp (slave) and updater should listen.
Usually the WAN interface (where these services are listening) is connected to the internet and there is no problem. But in my network I have "transport networks" on the WAN interfaces and ntp and the updater does not work.
If these services could be configured somewhere or would listen on a LAN interface they should work I think.
Has someone else run into that problems and already solved that?TIA!
-
As far as I know, NTP talks upstream on the WAN interface only and serves to clients on whatever interfaces you select in Services - NTP. I don't know if you can change this behaviour. Even if you could, unless you've got your own atomic clock on your LAN, how would you get the time from LAN?
-
…because LAN (interface) has usually access to the internet, but not any "transport network".
Regards
-
LAN only has access to the Internet via WAN, no? So if you can't get the time via WAN…? Maybe I'm not understanding your problem, sorry.
-
No - Wan Interface has no Internet Access - thats the problem! Internet Access is elsewhere…..
WAN interface on pfSense1 has no Internet. But NTP is Listening on this interface. When I can change NTP to LAN Interface everything would be ok. On pfSense2 NTP is working because it has Internet Connection.WAN / Internet
:
: DialUp-/PPPoE-/Cable-/whatever-Provider
:
.-----+-----.
| Gateway | (or Router, CableModem, whatever)
'-----+-----'
|
WAN | IP or Protocol
|
.-----+-----. priv. DMZ .------------.
| pfSense2 +-------------+ DMZ-Server |
'-----+-----' 172.16.16.1 '------------'
|
WAN | 10.0.0.1/24
|
.-----+------.
| pfSense1|
'-----+------'
LAN | 192.168.5.0/24
...-----+------... (Clients/Servers) -
In your diagram the pfSense 1 box still has its WAN interface as the gateway to the pfSense2 box and then the internet in general.
You could run the NTP server on pfSense2 and have pfSense1 use that.
The NTP client uses the default route so you mighty change that.
You may be able to use a floating firewall rule to direct ntp requests.Steve
