[ntp:questions] Re: uk pool problem

Richard B. Gilbert rgilbert88 at comcast.net
Wed Sep 6 12:04:17 UTC 2006

Per Hedeland wrote:
> In article <aNGdnapm7rU_NWDZnZ2dnUVZ_vOdnZ2d at comcast.com> "Richard
> B. Gilbert" <rgilbert88 at comcast.net> writes:
>>Danny Mayer wrote:
>>>David Woolley wrote:
>>>>For several years now, it has been almost essential that it does respond
>>>>to client requests from other ports, because of network address translation.
>>>I hope NAT does not REQUIRE different port numbers.
>>NAT maps public address + port to (RFC 1918) private address + port.  So 
>>a system with an RFC 1918 address will send an NTP packet 
>>from port 123 and the NAT router will map it to port 
>>xxxxx.  When you reply to port xxxxx the router knows to 
>>map it to port 123.
>>So yes, in a sense, NAT does require "different" port numbers.
> Well, it doesn't require *different* port numbers (not sure what you
> mean with the quotes), i.e. it's perfectly possible (and generally
> desirable IMHO) for xxxxx to be 123 - as long as there is only one
> internal address sending from 123. YMMV depending on the capabilities of
> your NAT device of course, but it's certainly technically possible, and
> trivial to do with something like ipfilter on a *nix box.
> --Per Hedeland
> per at hedeland.org

If there is only one system using NTP through the router/firewall, you 
are correct; port 123 can and probably will be used.  If you have more 
than one then the others will be mapped to some other port.  This only 
applies to NAT; if you have routable addresses and a real router, there 
is no need to change or map the original port numbers.

More information about the questions mailing list