Dealing with China firewall


#1

I need some advice on whether I should keep running my little NTP server or just quit.

I joined the NTP pool to volunteer my 20Mbits/s upload in Taiwan for years,
following the setup recommendations, using NTPD and the recommended configuration.

Just recently I discovered I am not able to access some China websites for some reason.

As my IP address is kind of static by request, I can change it if I want,
so I did a few tests around this.

Once I changed my IP, I could access those China websites for a few days,
then I was blocked again.

I have ruled out most of my home server services which could have any complication with network traffic to China,
as now I have around a 10k pps request flood from China to my home server for NTP requests.

My guess is the China firewall intentionally blocks my IP due to the tremendous UDP traffic on the chart.

Any advice?


#2

Your server is in the tw or the cn zone? Sounds like we need (a lot) more servers in tw, too…

I’m pretty sure I know how to put together the features to “rebalance”, just need the time to type out the code (and test, etc etc …)


#3

In tw, but 90% of the NTP traffic is coming from China.


#4

Here is a website that I can’t access once I get flagged by the Great Firewall:

http://www.isdt.co/

Once I score 10 and start serving NTP, I am no longer able to access this site,
then I need to change my IP address if I want to access any similar site located in China.


#5

Well, the IPv4 servers in Taiwan are down to 1.
Is it possible to add a server exclusively serving only the Taiwan zone?

I found no solution to avoid blocking by the Great Firewall once the NTP traffic floods towards my server.


#6

I think you can try to send a mail to the pool project and mark your server as serving tw only. Then add an ACL to your firewall: whitelist all tw IP ranges on udp 123, deny others.
Forget the mighty GFW, it’s well funded and nobody can shake it. :joy:


#7

Don’t forget to whitelist the pool monitor’s IP range, or you will remove yourself from the pool.

==

The tw zone is in such an ambiguous condition that I gave it up last week. The mighty 103.18.128.60 can handle all the IPv4 traffic (20k+ pps), while other servers easily get knocked out every now and then. I suggested that the DNS should not always output 4 IPs in a single query (which in fact breaks the bandwidth setting and worsens the load on weak servers), but until this is implemented, leaving the tw zone is a better option for my weak server.
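
The allowlist approach suggested in posts #6 and #7, as an added example that is not from any poster or from the pool project: a shell function that turns a prefix list into an nftables ruleset answering UDP 123 only for listed sources. The function names, table and set names, and every prefix (RFC 5737 documentation ranges standing in for the tw ranges and the pool monitor) are assumptions.

```shell
# Added example. Prefixes are constructed placeholders (RFC 5737), not real
# tw or pool-monitor ranges; substitute a real per-country prefix list.
sample_allowlist() {
    cat <<'EOF'
# tw prefixes (placeholder)
192.0.2.0/24
198.51.100.0/24
# pool monitor (placeholder); if it is missing the pool score drops
203.0.113.10
not-an-ip/99
EOF
}

# Reads prefixes on stdin, skips blanks and comments, reports malformed
# entries on stderr, and prints an IPv4-only nftables ruleset on stdout.
build_ntp_acl() {
    elements=""
    while IFS= read -r line; do
        line=${line%%#*}                              # strip comments
        line=$(printf '%s' "$line" | tr -d ' \t\r')   # strip whitespace
        [ -z "$line" ] && continue
        # Syntax check only; nft itself rejects out-of-range octets.
        if printf '%s\n' "$line" | grep -Eq \
            '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'; then
            elements="${elements:+$elements, }$line"
        else
            echo "skipped malformed entry: $line" >&2
        fi
    done
    # An empty set would drop every client and the monitor: refuse.
    [ -n "$elements" ] || { echo "empty allowlist, refusing" >&2; return 1; }
    cat <<EOF
table ip ntp_acl {
    set allowed_v4 {
        type ipv4_addr
        flags interval
        elements = { $elements }
    }
    chain input {
        type filter hook input priority 0; policy accept;
        udp dport 123 ip saddr @allowed_v4 accept
        udp dport 123 drop
    }
}
EOF
}
```

Redirect the output of `sample_allowlist | build_ntp_acl` to a file and load it with `nft -f`; the rules only touch inbound IPv4 UDP 123, so the server's own outgoing NTP queries and all other services are unaffected.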