This is a rehash of another question, now that I understand things a bit better.
I have the following network set up:
               NTP
           10.21.3.169
               |   \______________
               |                  \
10.21.3.160 (eth1)                |
       L1                         |
 10.0.0.67 (eth0)                 |
               |                  |
               |                  |
 10.0.0.65 (pcn1)                 |
     OpenBSD                      |
 10.0.0.51 (pcn0)                 |
               |                  |
               |                  |
 10.0.0.49 (eth1)       10.21.3.159 (eth0)
                  L2
Where L1 and L2 are Linux boxes.
I would like the OpenBSD box to be able to get the time from the NTP server. I have been told that to achieve this I need to make some changes to the OpenBSD box's /etc/pf.conf file.
My initial attempt is as follows. I know I will also need to make some changes to iptables on the Linux box, but for the moment tcpdump udp on the Linux box doesn't show any traffic coming through from the OpenBSD box, so I'm assuming that the NTP client's request isn't being properly routed to the Linux box.
rdr on pcn1 proto udp from any to any port 123 -> 10.0.0.67
nat on pcn0 proto udp from any to 10.0.0.67 port 123 -> pcn1
I am updating the OpenBSD box's configuration with the following command:
pfctl -F all ; pfctl -f /etc/pf.conf
And I am doing the ntp update with the following command to see what happens:
ntpd -d -s
I am using 'traditional' ntp, not OpenNTP.
What do I need to change in pf.conf to see UDP packets arriving on L1? Just to reiterate, the PF configuration is on the same machine that I will be running the ntpd client on.