[ previous ] [ next ] [ threads ]
 
 From:  Bart Smit <bit at pipe dot nl>
 To:  Jorgen Norrman <jurg at home dot se>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  ntp, bad idea (Re: [m0n0wall] Feature request which would make m0n0wall even better ;))
 Date:  Sun, 25 Jan 2004 12:48:53 +0100 
Jorgen Norrman wrote:

> It would be nice if m0n0wall could act as ntp server for the 
> lan/pptp/ipsec clients.

Apart from hairy questions about what set of features to support in the 
GUI, what reference clock drivers to include (if at all), etc., ntpd 
simply doesn't belong on a firewall.

If you really have the need for ntp in your network, you should set up 
an ntp server yourself, perhaps conveniently by running ntpd on one of 
your existing Unix, *BSD, or Linux boxes.

Also note that the suggestion to use external servers (in another post) 
is not necessarily a good one: if you have a dozen of clients, you don't 
want them all individually to go out to public servers. And if you must, 
*please* use pool.ntp.org as that is a round robin of servers that 
permit this kind of use.

Because of the ugliness oozing out of that last point, a reasonable 
compromise *could* be to support enough of the protocol to simply let 
m0n0wall report its own time. This will keep clients happy that don't 
run ntp themselves but only periodically call ntpdate. I don't know if 
such minimalistic ntp server code exists somewhere. I'll give it a google...

--B