Implemented adamONE NTP Best Practices.
Cannot sync NTP to UTM Guest OS. Installed NTP service, confirmed running however NTP service port is blocked. Outgoing to NTP servers is OK however return not getting back in. Refer to screen shots for configuration.
Host: mac-mini
Host OS: macOS Sequoia 15.1
Host OS Gateway IP: 10.0.1.1
UTM version: 4.5.4
UTM Guest OS: Ubuntu 24.04 LTS Server
Ubuntu IP address assigned: 192.168.64.5 (DHCP)
NAT port forward 192.168.64.5 IP assigned Ubuntu client to this firewall destination port 123 NAT IP 127.0.0.1. Also added corresponding FW rule to LAN to allow outgoing traffic
I have extra knowledge because you posted your firewall rules in a PM to me. It would be good if you posted them here as well.
Have a look at your first port forward rule. It will redirect the Ubuntu traffic before it has a chance to hit your UTM rule. The first firewall rule triggered (generally) stops all further rule processing.
I think you need to add your UTM to the Linn_DSM group but I don’t even know if that will work.
Otherwise, create a “Disable Redirection” rule like this one of mine:
I posted the LAN FW rules and NAT port forward rules.
Note: The first NAT rule for the LAN interface does hit the UTM rule. The rule above is for AVLAN interface.
Changed UTM network connection from shared network to an emulated vlan which connects the new VLAN to this virtual machine. This VLAN is created in userspace and requests from the VM will be seen by the host operating system as originating from the UTM process. IP address assigned to guest VM VLAN is 10.0.2.15, default route 10.0.2.2, dns 10.0.2.3
Still no outbound connection to NTP servers from UTM guest OS.
Refer to ifconfig screenshot, note the virtual adapter: enp01s1 has the assigned IP 10.0.2.15.
PFsense cannot reach this virtual adapter. I think this is the problem? I cannot setup the new UTM VLAN on pfsense router because the VM adapter is not visible.
What is your third rule supposed to be doing? It says any NTP from 10.0.2.15 not going to the firewall, redirect to localhost. I don’t thik that is what you want.
I am guessing you are running VirtualBox from your LAN IP? Isn’t that the NAT’d IP and you really need to allow the host IP in pfSense and not the guest IP? What do you get when you traceroute from the UTM to the pfSense Lan IF or beyond? Alternatively try bridging the hypervisor NIC so your UTM gets an IP on your pfSense LAN.
TBH this looks more like a networking problem rather than an adam:ONE issue.
