I'm trying to set up NTP redirects across my network using DNAT, but am running into issues where clients are still reaching outside NTP pools and bypassing my NAT rule.
I have the following set up under Destination NAT:
Interface: VLAN_2212, VLAN_2224, VLAN_2248, VLAN_2296 (i.e. all VLAN interfaces within my network)
Version: IPv4
Protocol: TCP/UDP
Source: all empty
Destination invert: checked
Destination address: This Firewall
Destination port: 123
Redirect target IP: This Firewall
Redirect port: 123
Firewall rule: Pass
I cloned this rule from a DNS redirect that seems to be working, so hopefully someone can tell me what I'm missing.
Any difference if you change "Redirect Target IP" to 127.0.0.1?
Quote from: OPNenthu on Today at 03:28:29 AM
Any difference if you change "Redirect Target IP" to 127.0.0.1?
No, I tried an alias I have called localhost that points to 127.0.0.1 but that doesn't change anything.
IPv6? When your clients use DNS names for the NTP servers, IPv6 is preferred and you need a second rule for it. Note that ::1 and LL-addresses do not work as targets for redirection, so you have to use a GUA or ULA (e.g. as virtual IP).
>>>>
Protocol: TCP/UDP
Source: all empty
Destination invert: checked
Destination address: This Firewall
Destination port: 123
Redirect target IP: This Firewall
>>>>
You have a few errors. Here's what you need to change:
Protocol: UDP
Source: any
Destination invert: UNchecked
Destination address: any
Destination port: 123
Redirect target IP: 127.0.0.1
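One way to confirm that a rule like the one above actually catches client traffic, as an added example that is not from this thread and not OPNsense code: a small Python 3 (standard library only) NTP probe that queries the firewall directly and then queries an outside address, and compares the two replies. Because pf rewrites the reply's source back to the original destination, the answering peer address will not reveal the redirect; what does is that both replies carry the same stratum, reference ID and reference timestamp, which is the heuristic used here. The firewall and outside addresses are command-line arguments, and the embedded sample reply is constructed for offline use.

```python
"""NTP redirect probe (added example, not from the original post).

Sends an NTP mode-3 client request to a given address, decodes the mode-4
reply, and compares two replies to judge whether they came from the same
daemon. Pass an IPv6 literal or name to exercise the IPv6 rule as well.
"""
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2208988800          # seconds from 1900-01-01 to 1970-01-01
NTP_HDR = "!BBbbII4s8I"                # 48-byte header: flags, stratum, poll,
                                       # precision, root delay/disp, refid, 4 ts


def build_ntp_request(now=None):
    """Mode-3 client packet carrying `now` as the transmit timestamp."""
    now = time.time() if now is None else now
    secs = int(now) + NTP_EPOCH_OFFSET
    frac = int((now - int(now)) * (1 << 32))
    return struct.pack(NTP_HDR,
                       (0 << 6) | (4 << 3) | 3,   # LI=0, VN=4, mode 3 (client)
                       0, 0, 0, 0, 0, b"\0\0\0\0",
                       0, 0, 0, 0, 0, 0, secs, frac)


def parse_ntp_response(data):
    """Decode a mode-4 server reply into a dict of the fields we compare."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    f = struct.unpack(NTP_HDR, data[:48])
    li_vn_mode, stratum, ref_id, ts = f[0], f[1], f[6], f[7:]
    if li_vn_mode & 0x07 != 4:
        raise ValueError("not a server reply (mode %d)" % (li_vn_mode & 0x07))
    if stratum <= 1:
        refid = ref_id.rstrip(b"\0").decode("ascii", "replace")  # e.g. GPS, LOCL
    else:
        refid = ".".join(str(b) for b in ref_id)   # IPv4 upstream, or hashed IPv6

    def to_unix(s, fr):
        return s - NTP_EPOCH_OFFSET + fr / (1 << 32)

    return {"version": (li_vn_mode >> 3) & 0x07, "leap": li_vn_mode >> 6,
            "stratum": stratum, "refid": refid,
            "reference_time": to_unix(ts[0], ts[1]),
            "origin_time": to_unix(ts[2], ts[3]),
            "transmit_time": to_unix(ts[6], ts[7])}


def probe(host, port=123, timeout=3.0):
    """Query one server; getaddrinfo picks the address family (v4 or v6)."""
    family, socktype, proto, _, addr = socket.getaddrinfo(
        host, port, type=socket.SOCK_DGRAM)[0]
    with socket.socket(family, socktype, proto) as s:
        s.settimeout(timeout)
        sent = time.time()
        s.sendto(build_ntp_request(sent), addr)
        data, peer = s.recvfrom(512)
    reply = parse_ntp_response(data)
    # A genuine reply echoes our transmit timestamp in its origin field.
    if abs(reply["origin_time"] - sent) > 1e-3:
        raise ValueError("origin timestamp mismatch (stray or spoofed reply)")
    reply["peer"] = peer[0]
    return reply


def same_server(a, b, slack=1.0):
    """Heuristic: equal stratum and refid plus reference timestamps within
    `slack` seconds means both replies most likely came from the same daemon."""
    return (a["stratum"] == b["stratum"] and a["refid"] == b["refid"]
            and abs(a["reference_time"] - b["reference_time"]) < slack)


# Constructed sample mode-4 reply (stratum 2, refid 192.168.1.1) for offline use.
SAMPLE_REPLY = struct.pack(NTP_HDR,
                           (0 << 6) | (4 << 3) | 4, 2, 6, -23, 0, 0,
                           bytes([192, 168, 1, 1]),
                           3908988000, 0,            # reference: 1699999200 unix
                           3908988800, 1 << 31,      # origin: client tx 1700000000.5
                           3908988800, 1 << 31,      # receive
                           3908988800, 1 << 31)      # transmit


if __name__ == "__main__":
    import sys
    # usage: ntp_probe.py <firewall address> <outside NTP address>
    direct, outside = probe(sys.argv[1]), probe(sys.argv[2])
    for name, r in (("direct", direct), ("outside", outside)):
        print("%-8s peer=%s stratum=%d refid=%s" % (name, r["peer"],
                                                    r["stratum"], r["refid"]))
    print("redirect effective:", same_server(direct, outside))
```

Run it from a client on one of the VLANs, once with the firewall's address and an IPv4 pool address, then again with an IPv6 pool address: if the second comparison prints False while the first prints True, only the IPv6 traffic is escaping the rule.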