• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Publishing NTP server to DMZ

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Server Publishing >> Publishing NTP server to DMZ Page: [1]
Login
Message << Older Topic   Newer Topic >>
Publishing NTP server to DMZ - 22.Mar.2003 8:52:00 PM   
lardoin

 

Posts: 7
Joined: 3.Mar.2003
From: Tulsa, OK
Status: offline
I have successfully pubished an internal syslog server on my private lan to my DMZ hosts. The DMZ hosts are logging to this server currently. This is a tri-homed ISA server. I am currently not able to successfully publish my internal NTP server to my DMZ hosts. I have created a new protocol definition called NTP Server Service using UDP Port 123 Receive/Send and no Secondary Connections. I bound the service to the DMZ interface of the ISA server using the IP address of the Internal NTP server and the DMZ IP address of the ISA Server. I have a Linux/IDS box that is able to talk to NTP servers on the Internet but is not able to talk to my Published Internal server. The internal NTP server is working correctly for my internal hosts. I have reviewed the Firewall logs and find entries when I start the fw "[Confused]" service that shows ports 514 and 123 are binding. Is there something wrong with my setup or have I missed something?
thanks in advance,
LA
Post #: 1
RE: Publishing NTP server to DMZ - 24.Mar.2003 4:13:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Lloyd,

Not sure what problems you're having, but how about using a public NTP server and packet filters? It doesn't make much sense for public hosts to synchronize time with private hosts when packet filters allow you direct access to public NTP servers.

HTH,
Tom

(in reply to lardoin)
Post #: 2
RE: Publishing NTP server to DMZ - 24.Mar.2003 3:40:00 PM   
lardoin

 

Posts: 7
Joined: 3.Mar.2003
From: Tulsa, OK
Status: offline
Hi Tom,
thanks for the quick response. I am currently doing just that. I just would feel more comfortable having my public hosts talking to my private NTP server than a public NTP server. It may or may not be more secure but I would like to have all my hosts talking to the same NTP server. What has got me flustered is that I have the syslog service published and working perfectly for my DMZ hosts. Seems like the setup should be no different for the other service with the exception of course that the syslog service only receives while NTP service also sends. Any help would be appreciated.

(in reply to lardoin)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Server Publishing >> Publishing NTP server to DMZ Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts