Posted by Laurent on February 2, 2010, 8:34 am
Hi!

My old 3640 router (192.168.254.1/24) just died. RIP.
I put in its place a 1600 (12.0 IOS) which does not work as an NTP server.

As all my computers connect to it to set their time and date, and since I have a second NTP server (192.168.254.13), I thought to do double-NAT (source and destination) on the NTP port..

Of course, I only have one Ethernet interface, and only one net (192.168.254.0/24).

254.0/24 --> 254.1:ntp ==> 254.1 --> 254.13:ntp and back..

Here is the configuration I made:

interface Loopback0
 ip address 192.168.253.1 255.255.255.252
 ip nat inside
!
interface Ethernet0
 ip address 192.168.254.1 255.255.255.0
 ip nat outside
 ip policy route-map Ntp
!
ip nat inside source static udp 192.168.254.13 123 192.168.254.1 123
ip nat outside source static udp 192.168.254.1 123 192.168.254.13 123
!
access-list 101 permit udp any eq ntp host 192.168.254.1 eq ntp
route-map Ntp permit 10
 match ip address 101
 set ip next-hop 192.168.253.2

... but it doesn't work. It just does destination NAT, then packets don't return to the correct source, and of course, they are dropped. :(

Could someone tell me what I've done wrong?

Thank you :)
Posted by bod43 on February 3, 2010, 12:49 am
> Hi!
>
> My old 3640 router (192.168.254.1/24) just died. RIP.
> I put in its place a 1600 (12.0 IOS) which does not work as an NTP server.
>
> As all my computers connect to it to set their time and date, and since
> I have a second NTP server (192.168.254.13), I thought to do double-NAT
> (source and destination) on the NTP port..
>
> Of course, I only have one Ethernet interface, and only one net
> (192.168.254.0/24).
>
> 254.0/24 --> 254.1:ntp ==> 254.1 --> 254.13:ntp and back..
>
> Here is the configuration I made:
>
> interface Loopback0
>  ip address 192.168.253.1 255.255.255.252
>  ip nat inside
> !
> interface Ethernet0
>  ip address 192.168.254.1 255.255.255.0
>  ip nat outside
>  ip policy route-map Ntp
> !
> ip nat inside source static udp 192.168.254.13 123 192.168.254.1 123
> ip nat outside source static udp 192.168.254.1 123 192.168.254.13 123
> !
> access-list 101 permit udp any eq ntp host 192.168.254.1 eq ntp
> route-map Ntp permit 10
>  match ip address 101
>  set ip next-hop 192.168.253.2
>
> ... but it doesn't work. It just does destination NAT, then packets don't
> return to the correct source, and of course, they are dropped. :(
>
> Could someone tell me what I've done wrong?
>
> Thank you :)

Maybe you should be using ip nat inside destination instead of outside source?

I have never understood the difference between outside source and inside dest. But then I think I have only done double NAT on Cisco once. Annoyingly it was my first ever NAT job and it hurt my head a lot - I still remember it after about twelve years though :)
Posted by bod43 on February 3, 2010, 12:58 am
> > Hi!
> >
> > My old 3640 router (192.168.254.1/24) just died. RIP.
> > I put in its place a 1600 (12.0 IOS) which does not work as an NTP server.
> >
> > As all my computers connect to it to set their time and date, and since
> > I have a second NTP server (192.168.254.13), I thought to do double-NAT
> > (source and destination) on the NTP port..
> >
> > Of course, I only have one Ethernet interface, and only one net
> > (192.168.254.0/24).
> >
> > 254.0/24 --> 254.1:ntp ==> 254.1 --> 254.13:ntp and back..
> >
> > Here is the configuration I made:
> >
> > interface Loopback0
> >  ip address 192.168.253.1 255.255.255.252
> >  ip nat inside
> > !
> > interface Ethernet0
> >  ip address 192.168.254.1 255.255.255.0
> >  ip nat outside
> >  ip policy route-map Ntp
> > !
> > ip nat inside source static udp 192.168.254.13 123 192.168.254.1 123
> > ip nat outside source static udp 192.168.254.1 123 192.168.254.13 123
> > !
> > access-list 101 permit udp any eq ntp host 192.168.254.1 eq ntp
> > route-map Ntp permit 10
> >  match ip address 101
> >  set ip next-hop 192.168.253.2
> >
> > ... but it doesn't work. It just does destination NAT, then packets don't
> > return to the correct source, and of course, they are dropped. :(
> >
> > Could someone tell me what I've done wrong?
> >
> > Thank you :)
>
> Maybe you should be using ip nat inside destination
> instead of outside source?
>
> I have never understood the difference between outside
> source and inside dest. But then I think I have only
> done double NAT on Cisco once. Annoyingly it was my
> first ever NAT job and it hurt my head a lot - I still
> remember it after about twelve years though :)

I have read your post more thoroughly now and see that you are doing router on a stick. This will all be very problematic. You need to make sure that you don't get ICMP redirects, otherwise the router will get bypassed.

I guess you already checked that the source port for NTP is 123? Seems not unreasonable I suppose.
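
The failure described in this thread (destination NAT only, so the server's reply never returns through the router) modeled as a small packet-flow simulation. This is an added example, not part of the original thread; the client address 192.168.254.50 and the per-flow port 20000 are constructed for illustration, and the model is a simplification rather than IOS behaviour.

```python
from dataclasses import dataclass, replace

ROUTER, SERVER, NTP = "192.168.254.1", "192.168.254.13", 123  # addresses from the thread

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int

def router_forward(pkt, source_nat, table):
    """Client -> router:123. Rewrite the destination to the real server and,
    if source_nat is set, the source to the router so the reply must return here."""
    out = replace(pkt, dst=SERVER)
    if source_nat:
        # Simplification: a constructed per-flow port stands in for the NAT entry.
        nat_port = 20000 + len(table)
        table[nat_port] = (pkt.src, pkt.sport)
        out = replace(out, src=ROUTER, sport=nat_port)
    return out

def server_reply(req):
    """The NTP server answers whatever source address and port it saw."""
    return Pkt(SERVER, NTP, req.src, req.sport)

def router_return(pkt, table):
    """Reply addressed to the router: undo both translations."""
    client, cport = table[pkt.dport]
    return Pkt(ROUTER, NTP, client, cport)

def client_accepts(request, reply):
    """Assumption: the client only accepts a reply from the peer it queried."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (request.dst, request.dport, request.src, request.sport)

def simulate(client_ip, source_nat):
    table = {}
    request = Pkt(client_ip, NTP, ROUTER, NTP)
    reply = server_reply(router_forward(request, source_nat, table))
    if reply.dst == ROUTER:  # only true when the source was rewritten
        reply = router_return(reply, table)
    # Otherwise server and client share 192.168.254.0/24: the reply goes
    # straight to the client and never passes the router again.
    return reply, client_accepts(request, reply)

if __name__ == "__main__":
    for mode in (False, True):
        print("source_nat =", mode, simulate("192.168.254.50", mode))
```

With destination NAT alone the client sees an answer from 192.168.254.13 to a query it sent to 192.168.254.1 and discards it; rewriting the source as well forces the reply back through the router, which restores the addresses the client expects.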

kind of "ntp relay"





