kind of "ntp relay"

Discussion in 'Cisco' started by Laurent, Feb 2, 2010.

  1. Laurent

    Laurent Guest

    Hi!

    My old 3640 router (192.168.254.1/24) just died. RIP.
    I put in its place a 1600 (12.0 ios) wich does not work as ntp server.

    As all my computers connect to it to set their time and date, and since
    I have a second ntp server (192.168.254.13), i thought to do double-nat
    (source and destination) on ntp port..

    Of course, I only have one ethernet interface, and only one net
    (192.168.254.0/24).

    254.0/24 --> 254.1:ntp ==> 254.1 --> 254.13:ntp and back..

    Here is the configuration I made :

    interface Loopback0
    ip address 192.168.253.1 255.255.255.252
    ip nat inside
    !
    interface Ethernet0
    ip address 192.168.254.1 255.255.255.0
    ip nat outside
    ip policy route-map Ntp
    !
    ip nat inside source static udp 192.168.254.13 123 192.168.254.1 123
    ip nat outside source static udp 192.168.254.1 123 192.168.254.13 123
    !
    access-list 101 permit udp any eq ntp host 192.168.254.1 eq ntp
    route-map Ntp permit 10
    match ip address 101
    set ip next-hop 192.168.253.2


    .... but it doesn't work. It just do destination nat, then packets don't
    return to the correct source, and of course, they are dropped. :(


    Someone could tell me what I've done bad ?

    thank you :)
    Laurent, Feb 2, 2010
    #1
    1. Advertising

  2. Laurent

    bod43 Guest

    On 2 Feb, 13:34, Laurent <> wrote:
    > Hi!
    >
    > My old 3640 router (192.168.254.1/24) just died. RIP.
    > I put in its place a 1600 (12.0 ios) wich does not work as ntp server.
    >
    > As all my computers connect to it to set their time and date, and since
    > I have a second ntp server (192.168.254.13), i thought to do double-nat
    > (source and destination) on ntp port..
    >
    > Of course, I only have one ethernet interface, and only one net
    > (192.168.254.0/24).
    >
    > 254.0/24 --> 254.1:ntp   ==> 254.1 --> 254.13:ntp   and back..
    >
    > Here is the configuration I made :
    >
    > interface Loopback0
    >  ip address 192.168.253.1 255.255.255.252
    >  ip nat inside
    > !
    > interface Ethernet0
    >  ip address 192.168.254.1 255.255.255.0
    >  ip nat outside
    >  ip policy route-map Ntp
    > !
    > ip nat inside source static udp 192.168.254.13 123 192.168.254.1 123
    > ip nat outside source static udp 192.168.254.1 123 192.168.254.13 123
    > !
    > access-list 101 permit udp any eq ntp host 192.168.254.1 eq ntp
    > route-map Ntp permit 10
    >  match ip address 101
    >  set ip next-hop 192.168.253.2
    >
    > ... but it doesn't work. It just do destination nat, then packets don't
    > return to the correct source, and of course, they are dropped. :(
    >
    > Someone could tell me what I've done bad ?
    >
    > thank you :)


    Maybe you should be using ip nat inside destination
    instead of outside source?

    I have never understood the difference between outside
    source and inside dest. But then I think I have only
    done double nat on cisco once. Annoyingly it was my
    first ever NAT job and it hurt my head a lot - I still
    remember it after about twelve years though:)
    bod43, Feb 3, 2010
    #2
    1. Advertising

  3. Laurent

    bod43 Guest

    On 3 Feb, 05:49, bod43 <> wrote:
    > On 2 Feb, 13:34, Laurent <> wrote:
    >
    >
    >
    > > Hi!

    >
    > > My old 3640 router (192.168.254.1/24) just died. RIP.
    > > I put in its place a 1600 (12.0 ios) wich does not work as ntp server.

    >
    > > As all my computers connect to it to set their time and date, and since
    > > I have a second ntp server (192.168.254.13), i thought to do double-nat
    > > (source and destination) on ntp port..

    >
    > > Of course, I only have one ethernet interface, and only one net
    > > (192.168.254.0/24).

    >
    > > 254.0/24 --> 254.1:ntp   ==> 254.1 --> 254.13:ntp   and back..

    >
    > > Here is the configuration I made :

    >
    > > interface Loopback0
    > >  ip address 192.168.253.1 255.255.255.252
    > >  ip nat inside
    > > !
    > > interface Ethernet0
    > >  ip address 192.168.254.1 255.255.255.0
    > >  ip nat outside
    > >  ip policy route-map Ntp
    > > !
    > > ip nat inside source static udp 192.168.254.13 123 192.168.254.1 123
    > > ip nat outside source static udp 192.168.254.1 123 192.168.254.13 123
    > > !
    > > access-list 101 permit udp any eq ntp host 192.168.254.1 eq ntp
    > > route-map Ntp permit 10
    > >  match ip address 101
    > >  set ip next-hop 192.168.253.2

    >
    > > ... but it doesn't work. It just do destination nat, then packets don't
    > > return to the correct source, and of course, they are dropped. :(

    >
    > > Someone could tell me what I've done bad ?

    >
    > > thank you :)

    >
    > Maybe you should be using ip nat inside destination
    > instead of outside source?
    >
    > I have never understood the difference between outside
    > source and inside dest. But then I think I have only
    > done double nat on cisco once. Annoyingly it was my
    > first ever NAT job and it hurt my head a lot - I still
    > remember it after about twelve years though:)


    I have read your post more thoroughly now and see that
    you are doing router on a stick. This will all be
    very problematic. You need to make sure that you
    don't get ICMP redirects otherwise the router will get
    bypassed. I guess you already checked that the source port
    for ntp is 123? Seems not unreasonable I suppose.
    that you are
    bod43, Feb 3, 2010
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?c2hhZG8yODI=?=

    Router problems of a different kind

    =?Utf-8?B?c2hhZG8yODI=?=, Jan 31, 2005, in forum: Wireless Networking
    Replies:
    1
    Views:
    532
    Malke
    Jan 31, 2005
  2. Hernán Castelo

    what kind of client do i need ??

    Hernán Castelo, May 10, 2005, in forum: Wireless Networking
    Replies:
    3
    Views:
    437
    oldguy
    May 11, 2005
  3. Charles

    Kind of hard, really

    Charles, Aug 11, 2004, in forum: Firefox
    Replies:
    12
    Views:
    700
    Charles
    Aug 12, 2004
  4. Douw Gerber
    Replies:
    1
    Views:
    848
  5. Han Valk
    Replies:
    1
    Views:
    412
    Hansang Bae
    Jan 28, 2004
Loading...

Share This Page