Is smf22 using bridge mode though? That's where the problem lies.
Yes I am using bridge mode. And your question has prompted me to include a signature with my setup. Hope you don't mind me stealing yours
@banger: Where you're going wrong is expecting the modem to be able to resolve the NTP server IP address. As I mentioned, I couldn't find anywhere that would allow me to add a DNS server to the ZyXel configuration, so as I saw it there were two options:
- Configure the NTP server IP address in the ZyXel 'Time' settings so there is no DNS lookup
- Add the NTP server name and IP address to the /etc/hosts file so the IP is locally resolved
I chose the first option and hence the three IP addresses, 87.124.126.49, 193.150.34.2 and 178.79.152.182, seen in the 'ps' output and in the modem configuration picture. This is the main difference to the configuration where the NTP server is defined as a name e.g., pool.ntp.org, time.nist.gov and ntp1.tummy.com as seen in the 'ps' output that 22over7 included
here.
But there's one crucial step I omitted from my previous post. As @banger said he couldn't ping the NTP server I thought I'd capture this to include in the post. When I did this I found the following:
~ # ping 193.150.34.2
PING 193.150.34.2 (193.150.34.2): 56 data bytes
Request timed out
Request timed out
Request timed out
Request timed out
--- 193.150.34.2 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
Running a packet capture on my router I could see the ping 'echo request' being sent by the ZyXel and the 'echo reply' from the NTP server.
smf22@erx1:~$ sudo tcpdump -n -i switch0.101 host 192.168.1.250 and icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on switch0.101, link-type EN10MB (Ethernet), capture size 262144 bytes
08:21:31.450801 IP 192.168.1.250 > 193.150.34.2: ICMP echo request, id 22173, seq 0, length 64
08:21:31.459912 IP 193.150.34.2 > 192.168.1.250: ICMP echo reply, id 22173, seq 0, length 64
08:21:32.450075 IP 192.168.1.250 > 193.150.34.2: ICMP echo request, id 22173, seq 1, length 64
08:21:32.459362 IP 193.150.34.2 > 192.168.1.250: ICMP echo reply, id 22173, seq 1, length 64
08:21:33.449793 IP 192.168.1.250 > 193.150.34.2: ICMP echo request, id 22173, seq 2, length 64
08:21:33.459116 IP 193.150.34.2 > 192.168.1.250: ICMP echo reply, id 22173, seq 2, length 64
08:21:34.449449 IP 192.168.1.250 > 193.150.34.2: ICMP echo request, id 22173, seq 3, length 64
08:21:34.458591 IP 193.150.34.2 > 192.168.1.250: ICMP echo reply, id 22173, seq 3, length 64
This was when I remembered that I'd previously disabled the firewall on the ZyXel. This shouldn't be done if using the device as a router, but it's fine in bridge mode where the LAN interface is behind a firewall. Oddly enough when I checked this I found the firewall disabled just as I'd left it. On the off chance I re-enabled and disabled it and then found that ping worked again:
~ # ping 193.150.34.2
PING 193.150.34.2 (193.150.34.2): 56 data bytes
64 bytes from 193.150.34.2: seq=0 ttl=54 time=9.723 ms
64 bytes from 193.150.34.2: seq=1 ttl=54 time=9.505 ms
64 bytes from 193.150.34.2: seq=2 ttl=54 time=10.004 ms
64 bytes from 193.150.34.2: seq=3 ttl=54 time=9.750 ms
--- 193.150.34.2 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 9.505/9.745/10.004 ms
And if I run another packet capture on my router I also see NTP packets between the ZyXel and the configured NTP servers:
smf22@erx1:~$ sudo tcpdump -n -i switch0.101 host 192.168.1.250 and udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on switch0.101, link-type EN10MB (Ethernet), capture size 262144 bytes
08:23:09.831705 IP 192.168.1.250.39521 > 87.124.126.49.123: NTPv3, Client, length 48
08:23:09.851436 IP 87.124.126.49.123 > 192.168.1.250.39521: NTPv3, Server, length 48
08:23:10.837461 IP 192.168.1.250.45917 > 193.150.34.2.123: NTPv3, Client, length 48
08:23:10.847203 IP 193.150.34.2.123 > 192.168.1.250.45917: NTPv3, Server, length 48
08:23:11.839234 IP 192.168.1.250.40163 > 178.79.152.182.123: NTPv3, Client, length 48
08:23:11.848962 IP 178.79.152.182.123 > 192.168.1.250.40163: NTPv3, Server, length 48
08:23:27.838023 IP 192.168.1.250.53311 > 87.124.126.49.123: NTPv3, Client, length 48
08:23:27.857350 IP 87.124.126.49.123 > 192.168.1.250.53311: NTPv3, Server, length 48
So in summary:
- In the ZyXel 'Time' configuration, instead of using the NTP servers listed in the 'drop down', select 'Other' and configure the IP address of your chosen NTP servers.
- In the 'routing' configuration define a static route for each of your chosen NTP server IP addresses.
- Disable the IPv4 firewall
So things do work as I (eventually) described, but given what I found this morning, it does appear to stop working after a period. Another something to keep an eye on.