[ntp:questions] Is it possible to run ntpd server behind a firewall?

David L. Mills mills at udel.edu
Wed Oct 17 16:15:02 UTC 2007


My request for the 123/UDP and 123/TCP port number predated the IANA 
some twenty years ago. I wanted to be sure some ill-mannered rascal 
didn't poach on 123/TCP. My reasoning was that TCP might someday be used 
for monitoring purposes. For the basic on-wire protocol, UDP is the only 
choice. Should your network administrator object, he/she gets to use 
TCP/DAYTIME or TCP/TIME. You might have trouble finding a server that 
supports that. NIST has stood down TCP on the busiest servers, as it is 
a clogging vulnerability with thousands of users.


Shaochun Wang wrote:

> Danny Mayer wrote:
>> Shaochun Wang wrote:
>>> The stupid net administrator of my institute blocked all UDP datagrams
>>> in the firewall. I know that NTP uses UDP to do its work, but is it
>>> possible to let ntpd use TCP?
>> No.  You cannot "let" ntpd use TCP. NTP is a UDP-only protocol. Talk to
>> your net admin. Maybe he can set up an NTP server on the firewall.
>> Danny
> But why does the following entry exist in the /etc/services file?
> ntp             123/tcp                         # Network Time Protocol
