[ntp:questions] Re: ntp server behind ADSL alcatel speedtouch 510 firewall not responding.
Ronan Flood
ronan at noc.ulcc.ac.uk
Tue Dec 21 17:09:36 UTC 2004
Remko Bolt <marem at concepts.nl> wrote:
> > try ntpdate -q ntp.cluebox.org.
>
> I dialed out with pots and used the -d flag, it didn't work. Just
> temporarily configured the alcatel to use the "default server" option
> which forwards ALL to the server, then it works.
>
> Two possibilities:
> 1 - The alcatel firewall is misbehaving.
> 2 - ntp is trying to open extra ports.
>
> I understand that:
> An NTP client-to-server query has source port above 1023, destination
> port 123 means, the client sends it out its own port for example 1024 and
> is listening for a reply there, but sends it to port 123 of the server.
>
> An NTP server-to-client response - source port 123, destination port above
> 1023 means, the server sends it out port 123 to port 1024 of the client.
>
> So that leaves the alcatel to be at fault.
Perhaps. The source port an NTP client uses can vary depending on
the circumstances. In the example above, "ntpdate -q" will indeed
use a high port but "ntpdate -d" will use port 123 as the source
port -- or at least it will try to, and fail if it can't get it.
You could try "ntpdate -du" which should use a high (unprivileged)
source port.

The diagnostic clients ntpq and ntpdc will use high source ports,
ntpd itself will use port 123; other time-setting clients will use
whatever they're programmed to.
--
Ronan Flood <R.Flood at noc.ulcc.ac.uk>
working for but not speaking for
Network Services, University of London Computer Centre
(which means: don't bother ULCC if I've said something you don't like)
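
Added example, not part of the original message: one way to check from a packet capture whether a firewall drops replies only for queries sent from source port 123. It assumes `tcpdump -n` text output in the form shown; the sample lines, the addresses and the function name `unanswered_by_source_port` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in tcpdump -n text format (documentation addresses,
# not taken from the thread).
SAMPLE = """\
17:09:30.000001 IP 192.0.2.10.1024 > 198.51.100.5.123: NTPv4, Client, length 48
17:09:30.040002 IP 198.51.100.5.123 > 192.0.2.10.1024: NTPv4, Server, length 48
17:09:31.000003 IP 192.0.2.10.123 > 198.51.100.5.123: NTPv4, Client, length 48
17:09:33.000004 IP 192.0.2.10.123 > 198.51.100.5.123: NTPv4, Client, length 48
17:09:34.000005 IP 192.0.2.10.40511 > 198.51.100.5.123: NTPv3, Client, length 48
17:09:34.050006 IP 198.51.100.5.123 > 192.0.2.10.40511: NTPv3, Server, length 48
"""

LINE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): NTPv\d, (?P<mode>\w+)")

def unanswered_by_source_port(capture):
    """Pair Client queries with Server replies on the reversed 4-tuple.

    Returns {"src 123": [sent, unanswered], "src other": [sent, unanswered]}.
    """
    pending = defaultdict(int)  # (client, cport, server, 123) -> open queries
    stats = {"src 123": [0, 0], "src other": [0, 0]}
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an NTP line in the assumed format
        sport, dport = int(m["sport"]), int(m["dport"])
        if m["mode"] == "Client" and dport == 123:
            pending[(m["src"], sport, m["dst"], dport)] += 1
            stats["src 123" if sport == 123 else "src other"][0] += 1
        elif m["mode"] == "Server" and sport == 123:
            key = (m["dst"], dport, m["src"], sport)  # reply reverses the tuple
            if pending[key] > 0:
                pending[key] -= 1
    for (_, sport, _, _), count in pending.items():
        stats["src 123" if sport == 123 else "src other"][1] += count
    return stats

if __name__ == "__main__":
    for kind, (sent, lost) in unanswered_by_source_port(SAMPLE).items():
        print(f"{kind}: {sent} queries, {lost} unanswered")
```

Replies missing only in the "src 123" row point at a filter that expects clients to use high source ports; replies missing in both rows point elsewhere.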