[ntp:questions] Re: ntp server behind ADSL alcatel speedtouch 510 firewall not responding.

Remko Bolt marem at concepts.nl
Tue Dec 21 13:24:29 UTC 2004

Ronan Flood wrote:
> NTP doesn't use TCP, so you can't telnet to port 123. You can remove tcp/123
> from your firewall permissions.

> If you have shell access to an external host with the NTP software installed,
> try ntpdate -q ntp.cluebox.org.

I dialed out with pots and used the -d flag, it didn't work. Just temporarily
configured the alcatel to use the "default server" option which forwards ALL to
the server, then it works.

Two possibillities:
1 - The alcatel firewall is misbehaving.
2 - ntp is trying to open exrta ports.

I understand that:
An NTP client-to-server query has source port above 1023, destination port 123
means, the client sends it out it's own port for example 1024 and it listening
for a reply there, but sends it to port 123 of the server.

An NTP server-to-client response - source port 123, destination port above 1023
means, the server sends it out port 123 to port 1024 of the client.

So that leaves the alcatel to be at fault.



More information about the questions mailing list