stussy (MIS) (OP)
5 Oct 05 7:49
Arghhhh this is driving me nuts!

I am trying to allow a Win 2003 server to get time updates from an internet source. I'm trying to configure the firewall to forward port 123 info to 10.0.0.5.

I've mimicked several WORKING port forwards, including pcAnywhere and RDP, which have worked perfectly well for years, but nothing can get through on 123!

I've included our config below, if anyone can help I'll buy you a virtual beer!

set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set clock ntp
set clock "timezone" 0
set admin format dos
set admin name "admin"
set admin password xxxxxxxxxxxxxxxx
set admin user "xxxx" password "xxxxxxxxx" privilege "all"
set admin auth timeout 10
set admin auth server "Local"
set admin privilege read-write
set service "PCANY" protocol tcp src-port 0-65535 dst-port 5631-5631 group "other"
set service "PCADATA" protocol tcp src-port 0-65535 dst-port 5632-5632 group "other"
set service "RDP" protocol tcp src-port 0-65535 dst-port 3389-3389 group "other"
set service "CAMERAS" protocol tcp src-port 0-65535 dst-port 80-80 group "other"
set service "SNTP" protocol udp src-port 0-65535 dst-port 123-123 group "other"
set vrouter trust-vr sharable
unset vrouter "trust-vr" auto-route-export
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "MGT" tcp-rst
set zone Untrust screen tear-drop
set zone Untrust screen syn-flood
set zone Untrust screen ping-death
set zone Untrust screen ip-filter-src
set zone Untrust screen land
set zone V1-Untrust screen tear-drop
set zone V1-Untrust screen syn-flood
set zone V1-Untrust screen ping-death
set zone V1-Untrust screen ip-filter-src
set zone V1-Untrust screen land
set interface "trust" zone "Trust"
set interface "untrust" zone "Untrust"
unset interface vlan1 ip
set interface trust ip 10.0.0.1/24
set interface trust nat
set interface untrust ip xx.xx.xx.xx/28
set interface untrust nat
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface vlan1 ip manageable
set interface trust ip manageable
set interface untrust ip manageable
set interface untrust manage telnet
set interface untrust manage web
set interface untrust vip untrust 25 MAIL 10.0.0.1
set interface untrust vip untrust 110 POP3 10.0.0.1
set interface untrust vip untrust 5631 PCANY 10.0.0.108
set interface untrust vip untrust 5632 PCADATA 10.0.0.108
set interface untrust vip untrust 3389 RDP 10.0.0.105
set interface untrust vip untrust 123 SNTP 10.0.0.5
set flow tcp-mss
set hostname Longacres
set ntp server "ntp0.uk.uu.net"
set ntp interval 15
set address "Trust" "10.0.0.4" 10.0.0.4 255.255.255.255 "Created by vpn wizard"
set address "Trust" "10.0.0.4_0" 10.0.0.4 255.255.255.255 "Created by vpn wizard"
set address "Trust" "10.0.0.73" 10.0.0.73 255.255.255.0 "Created by vpn wizard"
set address "Global" "10.0.0.5/24" 10.0.0.5 255.255.255.0
set snmp name "xxxxxxx"
set ike policy-checking
set ike respond-bad-spi 1
set ike id-mode subnet
set xauth lifetime 480
set xauth default auth server Local
set policy id 2 name "Created by policy wizard" from "Untrust" to "Global"  "Any" "VIP::1" "POP3" Permit
set policy id 1 name "Created by policy wizard" from "Untrust" to "Global"  "Any" "VIP::1" "MAIL" Permit
set policy id 0 from "Trust" to "Untrust"  "Any" "Any" "ANY" Permit log
set policy id 3 from "Untrust" to "Trust"  "Any" "Any" "ANY" Permit
set policy id 4 from "Untrust" to "Trust"  "Any" "Any" "PCANY" Permit
set policy id 5 from "Untrust" to "Global"  "Any" "VIP::1" "PCANY" Permit
set policy id 6 from "Untrust" to "Global"  "Any" "VIP::1" "PCADATA" Permit
set policy id 9 from "Untrust" to "Global"  "Any" "VIP::1" "SNTP" Permit
set policy id 7 from "Untrust" to "Global"  "Any" "VIP::1" "RDP" Permit
set policy id 8 from "Untrust" to "Global"  "Any" "VIP::1" "CAMERAS" Permit
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set global-pro policy-manager primary outgoing-interface untrust
set global-pro policy-manager secondary outgoing-interface untrust
set dns host dns1 195.184.228.6
set dns host dns2 195.184.228.7
set dns host schedule 00:00
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 0.0.0.0/0 interface untrust gateway xxxxxx
set route 11.0.0.0/24 interface trust gateway 10.0.0.180
set route 192.168.168.0/24 interface trust gateway 10.0.0.1
exit
MaxPipeline (Vendor)
6 Oct 05 14:16
Maybe there is more involved here.  Try debug flow basic with flow filters to and from NTP server on Internet to see if anything is getting dropped or misrouted.

set ff src-ip <IP of time source>
set ff dst-ip <IP of time source>
debug flow basic
cl db

# Capture instance of time update attempt

undebug all
get db stream
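
Added example, not part of either post above and not vendor code: a Python cross-check over lines excerpted from the configuration posted in this thread. It reports management services enabled on the untrust interface, Untrust policies that permit any service to any address, and VIP policies or VIP mappings that lack their counterpart; the token positions are assumed from the posted lines, and audit() is a hypothetical helper name.

```python
import shlex

# Lines copied from the configuration posted in this thread (excerpt).
CONFIG = """\
set service "SNTP" protocol udp src-port 0-65535 dst-port 123-123 group "other"
set interface untrust manage telnet
set interface untrust manage web
set interface untrust vip untrust 3389 RDP 10.0.0.105
set interface untrust vip untrust 123 SNTP 10.0.0.5
set policy id 3 from "Untrust" to "Trust"  "Any" "Any" "ANY" Permit
set policy id 9 from "Untrust" to "Global"  "Any" "VIP::1" "SNTP" Permit
set policy id 7 from "Untrust" to "Global"  "Any" "VIP::1" "RDP" Permit
set policy id 8 from "Untrust" to "Global"  "Any" "VIP::1" "CAMERAS" Permit
"""


def audit(config):
    """Return sorted (kind, detail) findings for ScreenOS-style 'set' lines."""
    vips, vip_policies, findings = set(), {}, []
    for line in config.splitlines():
        t = shlex.split(line)  # honours the quoted names in the config
        if t[:2] == ["set", "interface"] and len(t) >= 5:
            if t[3] == "manage" and t[2] == "untrust":
                findings.append(("untrust-management", t[4]))
            elif t[3] == "vip" and len(t) >= 8:
                vips.add(t[6])  # service name bound to the VIP port
        elif t[:2] == ["set", "policy"] and "from" in t:
            i = t.index("from")
            if len(t) < i + 8:
                continue  # incomplete policy line, nothing to judge
            pid, src_zone = t[3], t[i + 1]
            src, dst, svc, action = t[i + 4:i + 8]
            if src_zone != "Untrust" or action != "Permit":
                continue
            if dst.startswith("VIP"):
                vip_policies[svc] = pid
            elif (src, dst, svc.upper()) == ("Any", "Any", "ANY"):
                findings.append(("untrust-any-any-permit", "policy " + pid))
    for svc, pid in vip_policies.items():
        if svc not in vips:  # policy permits a VIP service that is never mapped
            findings.append(("policy-without-vip", f"policy {pid} ({svc})"))
    for svc in vips - set(vip_policies):  # mapping exists but nothing permits it
        findings.append(("vip-without-policy", svc))
    return sorted(findings)


if __name__ == "__main__":
    for kind, detail in audit(CONFIG):
        print(f"{kind}: {detail}")
```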