[ntp:questions] Re: uk pool problem

Richard B. Gilbert rgilbert88 at comcast.net
Thu Sep 7 00:55:29 UTC 2006


Per Hedeland wrote:
> In article <44FEB941.7010105 at comcast.net> "Richard B. Gilbert"
> <rgilbert88 at comcast.net> writes:
> 
>>Per Hedeland wrote:
>>
>>>In article <aNGdnapm7rU_NWDZnZ2dnUVZ_vOdnZ2d at comcast.com> "Richard
>>>B. Gilbert" <rgilbert88 at comcast.net> writes:
>>>
>>>
>>>>Danny Mayer wrote:
>>>>
>>>>
>>>>>David Woolley wrote:
>>>>>
>>>>>
>>>>>
>>>>>>For several years now, it has been almost essential that it does respond
>>>>>>to client requests from other ports, because of network address translation.
>>>>>
>>>>>I hope NAT does not REQUIRE different port numbers.
>>>>
>>>>NAT maps public address + port to (RFC 1918) private address + port.  So
>>>>a system with an RFC 1918 address 192.168.1.20 will send an NTP packet
>>>>from port 123 and the NAT router will map it to 68.44.203.111 port
>>>>xxxxx.  When you reply to 68.44.203.111 port xxxxx the router knows to
>>>>map it to 192.168.1.20 port 123.
>>>>
>>>>So yes, in a sense, NAT does require "different" port numbers.
>>>
>>>
>>>Well, it doesn't require *different* port numbers (not sure what you
>>>mean with the quotes), i.e. it's perfectly possible (and generally
>>>desirable IMHO) for xxxxx to be 123 - as long as there is only one
>>>internal address sending from 123. YMMV depending on the capabilities of
>>>your NAT device of course, but it's certainly technically possible, and
>>>trivial to do with something like ipfilter on a *nix box.
>>
>>If there is only one system using NTP through the router/firewall, you 
>>are correct; port 123 can and probably will be used.
> 
> 
> Yes, that's what I think I said:-) ("as long as...").
> 
> --Per Hedeland
> per at hedeland.org

I think I stated it badly.  Try this.  If there is more than one system
using NTP through a NAT router, only one of them can use port 123
externally; the router must map the second user to some port other than 123.
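
The mapping behaviour discussed in this thread, as an added example that is not part of the original post or of any NTP or NAT implementation. It models a port-preserving NAT with two internal hosts both sending from port 123, and shows why a server has to reply to the request's source port. The class and function names, the second host 192.168.1.21 and the dynamic port range are assumptions.

```python
from itertools import chain

class PortPreservingNat:
    """Constructed model of a UDP NAPT that keeps the source port when it can."""

    def __init__(self, public_ip, dynamic_ports=range(49152, 65536)):
        self.public_ip = public_ip
        self.dynamic_ports = dynamic_ports
        self.by_internal = {}  # (private_ip, private_port) -> public_port
        self.by_public = {}    # public_port -> (private_ip, private_port)

    def outbound(self, private_ip, private_port):
        """Translate an outgoing packet's source to (public_ip, public_port)."""
        key = (private_ip, private_port)
        if key not in self.by_internal:
            # Prefer the original port; fall back to the first free dynamic port.
            candidates = chain([private_port], self.dynamic_ports)
            port = next((p for p in candidates if p not in self.by_public), None)
            if port is None:
                raise RuntimeError("no free external port")
            self.by_internal[key] = port
            self.by_public[port] = key
        return self.public_ip, self.by_internal[key]

    def inbound(self, public_port):
        """Translate a reply's destination port; None means no mapping (drop)."""
        return self.by_public.get(public_port)


def server_reply_port(request_src_port, reply_to_source=True):
    """Port a server answers to; False models one that always replies to 123."""
    return request_src_port if reply_to_source else 123


def demo():
    nat = PortPreservingNat("68.44.203.111")           # public address from the thread
    first = nat.outbound("192.168.1.20", 123)          # host from the thread
    second = nat.outbound("192.168.1.21", 123)         # constructed second host
    good = nat.inbound(server_reply_port(second[1]))   # reply to the mapped port
    bad = nat.inbound(server_reply_port(second[1], reply_to_source=False))
    return first, second, good, bad


if __name__ == "__main__":
    first, second, good, bad = demo()
    print("first host leaves as ", first)
    print("second host leaves as", second)
    print("reply to source port reaches", good)
    print("reply forced to 123 reaches ", bad)
```

The last case is the one to watch on a real network: a reply sent to port 123 instead of the mapped port is delivered to the first host, which never sent that request.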



