[ntp:questions] Re: uk pool problem

Per Hedeland per at hedeland.org
Tue Sep 5 20:53:30 UTC 2006


In article <aNGdnapm7rU_NWDZnZ2dnUVZ_vOdnZ2d at comcast.com> "Richard
B. Gilbert" <rgilbert88 at comcast.net> writes:
>Danny Mayer wrote:
>> David Woolley wrote:
>> 
>>>For several years now, it has been almost essential that it does respond
>>>to client requests from other ports, because of network address translation.
>>
>> I hope NAT does not REQUIRE different port numbers.
>
>NAT maps public address + port to (RFC 1918) private address + port.  So 
>a system with an RFC 1918 address 192.168.1.20 will send an NTP packet 
>from port 123 and the NAT router will map it to 68.44.203.111 port 
>xxxxx.  When you reply to 68.44.203.111 port xxxxx the router knows to 
>map it to 192.168.1.20 port 123.
>
>So yes, in a sense, NAT does require "different" port numbers.

Well, it doesn't require *different* port numbers (not sure what you
mean with the quotes), i.e. it's perfectly possible (and generally
desirable IMHO) for xxxxx to be 123 - as long as there is only one
internal address sending from 123. YMMV depending on the capabilities of
your NAT device of course, but it's certainly technically possible, and
trivial to do with something like ipfilter on a *nix box.

--Per Hedeland
per at hedeland.org
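
The mapping discussed in this thread, as an added example that is not part of the original posts: a toy port-preserving NAT table in Python, showing that the public port can stay 123 while only one internal host sends from 123, and that a second host gets a different port. The second internal address (192.168.1.21), the fallback port range and all class and function names are assumptions made for the illustration.

```python
# Added illustration: a toy port-preserving NAPT table (UDP only).
# Addresses 192.168.1.20 and 68.44.203.111 are the ones used in the thread;
# the second host 192.168.1.21 and the fallback range are constructed.

PUBLIC_IP = "68.44.203.111"
DYNAMIC_PORTS = range(49152, 65536)  # assumed fallback range


class PortPreservingNat:
    def __init__(self, public_ip=PUBLIC_IP):
        self.public_ip = public_ip
        self.out = {}   # (private_ip, private_port) -> public_port
        self.back = {}  # public_port -> (private_ip, private_port)

    def translate_outbound(self, private_ip, private_port):
        """Return the (public_ip, public_port) a packet leaves with."""
        key = (private_ip, private_port)
        if key in self.out:                  # existing mapping is reused
            return self.public_ip, self.out[key]
        if private_port not in self.back:    # preserve the port if it is free
            public_port = private_port
        else:                                # already used by another host
            public_port = next(p for p in DYNAMIC_PORTS if p not in self.back)
        self.out[key] = public_port
        self.back[public_port] = key
        return self.public_ip, public_port

    def translate_inbound(self, public_port):
        """Return the internal (ip, port) for a reply, or None if unmapped."""
        return self.back.get(public_port)


def demo():
    nat = PortPreservingNat()
    first = nat.translate_outbound("192.168.1.20", 123)   # keeps port 123
    second = nat.translate_outbound("192.168.1.21", 123)  # 123 is taken
    return (first, second,
            nat.translate_inbound(first[1]),
            nat.translate_inbound(second[1]))


if __name__ == "__main__":
    for row in demo():
        print(row)
```

An NTP server that only answers requests arriving from source port 123 would reply to the first host here but not the second, which is the reason given earlier in the thread for servers responding to clients on other ports.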



