[ntp:questions] Re: uk pool problem

Per Hedeland per at hedeland.org
Wed Sep 6 19:05:16 UTC 2006

In article <44FEB941.7010105 at comcast.net> "Richard B. Gilbert"
<rgilbert88 at comcast.net> writes:
>Per Hedeland wrote:
>> In article <aNGdnapm7rU_NWDZnZ2dnUVZ_vOdnZ2d at comcast.com> "Richard
>> B. Gilbert" <rgilbert88 at comcast.net> writes:
>>>Danny Mayer wrote:
>>>>David Woolley wrote:
>>>>>For several years now, it has been almost essential that it does respond
>>>>>to client requests from other ports, because of network address translation.
>>>>I hope NAT does not REQUIRE different port numbers.
>>>NAT maps public address + port to (RFC 1918) private address + port.  So
>>>a system with an RFC 1918 address will send an NTP packet from port 123
>>>and the NAT router will map it to port xxxxx.  When you reply to port
>>>xxxxx the router knows to map it to port 123.
>>>So yes, in a sense, NAT does require "different" port numbers.
>> Well, it doesn't require *different* port numbers (not sure what you
>> mean with the quotes), i.e. it's perfectly possible (and generally
>> desirable IMHO) for xxxxx to be 123 - as long as there is only one
>> internal address sending from 123. YMMV depending on the capabilities of
>> your NAT device of course, but it's certainly technically possible, and
>> trivial to do with something like ipfilter on a *nix box.
>If there is only one system using NTP through the router/firewall, you 
>are correct; port 123 can and probably will be used.

Yes, that's what I think I said:-) ("as long as...").

--Per Hedeland
per at hedeland.org
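
The port-mapping behaviour discussed in this thread, as an added example that is not part of the original message or of any NAT product: a toy UDP source-NAT table that keeps port 123 for the first internal host and remaps the second. The class name, addresses and pool range are constructed for illustration.

```python
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IPv4 address, UDP port)


class PortPreservingNat:
    """Toy UDP source NAT: keep the client's source port when it is free."""

    def __init__(self, public_ip: str, pool_start: int = 40000, pool_end: int = 40009):
        self.public_ip = public_ip
        self.pool = range(pool_start, pool_end + 1)   # assumed remap range
        self.out: Dict[Endpoint, int] = {}    # internal endpoint -> public port
        self.back: Dict[int, Endpoint] = {}   # public port -> internal endpoint

    def translate_out(self, src: Endpoint) -> Endpoint:
        """Return the public (ip, port) an outbound packet from src will carry."""
        if src in self.out:                   # an existing mapping is reused
            return (self.public_ip, self.out[src])
        port = src[1]
        if port in self.back:                 # port already held by another host
            port = next((p for p in self.pool if p not in self.back), None)
            if port is None:
                raise RuntimeError("NAT port pool exhausted")
        self.out[src] = port
        self.back[port] = src
        return (self.public_ip, port)

    def translate_in(self, public_port: int) -> Optional[Endpoint]:
        """Map a reply's destination port back to the internal endpoint."""
        return self.back.get(public_port)     # None means no mapping: dropped


def demo() -> dict:
    nat = PortPreservingNat("203.0.113.1")    # constructed documentation address
    first = nat.translate_out(("192.168.1.10", 123))   # only sender so far
    second = nat.translate_out(("192.168.1.11", 123))  # 123 is now taken
    return {
        "first": first,
        "second": second,
        "reply_to_123": nat.translate_in(123),
        "reply_to_remapped": nat.translate_in(second[1]),
        "unsolicited": nat.translate_in(40005),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The second host's request reaches the server from a source port other than 123, so a server that only answers port-123 clients would not serve it.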
