[ntp:questions] ISP bloked port 123

Miroslav Lichvar mlichvar at redhat.com
Wed Sep 18 10:17:27 UTC 2013

On Wed, Sep 18, 2013 at 09:53:44AM +0100, David Taylor wrote:
> On 18/09/2013 08:55, Bert Gøtterup Petersen wrote:
> >At the moment our best bet seem to be using 'ntpdate' on a
> >different port at regular intervals. From a SW perspective, this is
> >not nice nor elegant, but it would do the trick...

> If you have guaranteed Internet access,
> but with 123 blocked, then you could use:
> - the HTTP protocol on port 80, and get the header information which
> includes the time from a known page on a known reliable server - one
> of your own, of course!  You could use the Last-Modified or Expires
> times, both of which I expect that you could program to return the
> current date and time.  Should be OK for 5-minute accuracy.
> If the following ports are not blocked...
> - use the time protocol on port 37
> - use the daytime protocol on port 13

Or NTP can be used on a different port. ntpd doesn't seem to have a
configuration option to set the port number, but it can be easily
changed in the source code (NTP_PORT in ntp.h) and recompiled.

If it's ok to use a different NTP client, chrony has options to set
the local port and the remote port. If the local port is set to 0, the
port will be assigned randomly, effectively making it a client-only
mode (similar to ntpdate -u).

Miroslav Lichvar

More information about the questions mailing list