[ntp:questions] Re: uk pool problem
Richard B. Gilbert
rgilbert88 at comcast.net
Wed Sep 6 12:04:17 UTC 2006
Per Hedeland wrote:
> In article <aNGdnapm7rU_NWDZnZ2dnUVZ_vOdnZ2d at comcast.com> "Richard
> B. Gilbert" <rgilbert88 at comcast.net> writes:
>>Danny Mayer wrote:
>>>David Woolley wrote:
>>>>For several years now, it has been almost essential that it does respond
>>>>to client requests from other ports, because of network address translation.
>>>I hope NAT does not REQUIRE different port numbers.
>>NAT maps public address + port to (RFC 1918) private address + port. So
>>a system with an RFC 1918 address 192.168.1.20 will send an NTP packet
>>from port 123 and the NAT router will map it to 126.96.36.199 port
>>xxxxx. When you reply to 188.8.131.52 port xxxxx the router knows to
>>map it to 192.168.1.20 port 123.
>>So yes, in a sense, NAT does require "different" port numbers.
> Well, it doesn't require *different* port numbers (not sure what you
> mean with the quotes), i.e. it's perfectly possible (and generally
> desirable IMHO) for xxxxx to be 123 - as long as there is only one
> internal address sending from 123. YMMV depending on the capabilities of
> your NAT device of course, but it's certainly technically possible, and
> trivial to do with something like ipfilter on a *nix box.
> --Per Hedeland
> per at hedeland.org
If there is only one system using NTP through the router/firewall, you
are correct; port 123 can and probably will be used. If you have more
than one then the others will be mapped to some other port. This only
applies to NAT; if you have routable addresses and a real router, there
is no need to change or map the original port numbers.
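
The port mapping discussed in this thread, as an added example that is not part of the original posts: a minimal port-preserving NAPT table in which the first internal NTP client keeps source port 123 and a second client sending from 123 is moved to another port. The class name, the public address 203.0.113.7 and the fallback port range are assumptions made for illustration.

```python
# Added illustration (not from the thread): a minimal port-preserving NAPT table.
# The public address and the fallback port range are constructed sample values.
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, udp_port)


class PortPreservingNat:
    def __init__(self, public_ip: str, first_fallback_port: int = 49152):
        self.public_ip = public_ip
        self.next_fallback = first_fallback_port
        self.out: Dict[Endpoint, int] = {}   # internal endpoint -> public port
        self.back: Dict[int, Endpoint] = {}  # public port -> internal endpoint

    def translate_outbound(self, src: Endpoint) -> Endpoint:
        """Return the public (ip, port) an internal source is rewritten to."""
        if src in self.out:                      # existing mapping is reused
            return (self.public_ip, self.out[src])
        port = src[1]                            # try to keep the original port
        if port in self.back:                    # taken by another internal host
            while self.next_fallback in self.back:
                self.next_fallback += 1
            port = self.next_fallback
        self.out[src] = port
        self.back[port] = src
        return (self.public_ip, port)

    def translate_inbound(self, dst_port: int) -> Optional[Endpoint]:
        """Map a reply's destination port back to the internal endpoint."""
        return self.back.get(dst_port)           # None: no mapping, packet dropped


def demo() -> Dict[str, object]:
    nat = PortPreservingNat("203.0.113.7")       # constructed documentation address
    first = nat.translate_outbound(("192.168.1.20", 123))
    second = nat.translate_outbound(("192.168.1.21", 123))
    return {
        "first": first,                          # keeps source port 123
        "second": second,                        # 123 is taken, so it is remapped
        "reply_to_first": nat.translate_inbound(first[1]),
        "reply_to_second": nat.translate_inbound(second[1]),
        "unsolicited": nat.translate_inbound(40000),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The second client's request reaches the server from a source port other than 123, which is why a server has to answer requests arriving from other ports.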