 From:  "Brandon Holland" <brandon at cookssaw dot com>
 To:  "'Fred Weston'" <Fred at daytonawan dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Feature request which would make m0n0wall even better ;)
 Date:  Sat, 24 Jan 2004 15:09:11 -0600
-----Original Message-----
From: Fred Weston [mailto:Fred at daytonawan dot com] 
Sent: Saturday, January 24, 2004 2:58 PM
To: Richard Morrell
Cc: Brandon Holland; 'fisch'; m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Feature request which would make m0n0wall even
better ;)

Richard Morrell wrote:

>Personally.... I think NTP on a firewall is pointless. You don't find 
>Sonicwall, Watchguard, Checkpoint doing it. Any NAT'ing firewall will 
>allow you to use any one of 30000 public NTP servers so what's the issue?
>
>You could argue that a larger network might benefit from the reduced 
>Internet bandwidth with a local NTP server, but I agree that the amount
>of bandwidth is so minuscule that it's not a pressing issue.

Fred, you can't argue even THAT point, since not having an NTP server on
your m0n0 doesn't restrict you from having one on your internal network
somewhere - one that even grabs time from a tier 1 server in California
for example.

As with what I wrote prior, it's more secure to use an internal NTP
server than one sitting right there, directly connected on your
firewall.

The service "breaking" on your firewall could mean one of all kinds of
lovely things.  (Key possibilities being freezing, slowdowns or even
being compromised.)

Case in point: You can still use an NTP, but don't put a non-essential
service for firewall function on your firewall!

Placing unneeded services on a firewall is just a bad idea.