[ntp:questions] Synchronizing Linux clients with Windows Server 2003 NTP

Ry malayter at gmail.com
Thu Jan 18 16:27:10 UTC 2007

Richard B. Gilbert wrote:

> Isn't port 123 UDP inbound required as well?

Not on a stateful firewall, which is the most common type these days.
In most firewall configuration tools, "allow UDP port 123 outbound"
means that when an outbound packet is sent, the firewall will remember
seeing it (that's the *stateful* part) and allow return UDP packet(s)
from the destination IP and source port for a few seconds before
closing things off again.

This assumes all he is doing is configuring his NTP to act as a client
to an internet-based NTP server. If he is going to be using
symmetric/active or another mode, that's going to require allowing UDP
port 123 inbound. But it doesn't seem to me that he would need to do
anything like that.
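
The stateful behaviour described in the message above, as an added example that is not part of the original post: a toy model of a firewall whose only rule is "allow UDP port 123 outbound". The class and function names, the documentation-range addresses and the 30-second state timeout are assumptions made for illustration.

```python
"""Toy model of stateful UDP filtering with one rule: allow UDP/123 outbound."""
from dataclasses import dataclass, field

NTP_PORT = 123
STATE_TIMEOUT = 30.0  # seconds; assumed value, real firewalls differ


@dataclass
class StatefulFirewall:
    # (local_ip, local_port, remote_ip, remote_port) -> expiry time
    flows: dict = field(default_factory=dict)

    def outbound(self, now, src_ip, src_port, dst_ip, dst_port):
        """Apply the single outbound rule and remember the flow for replies."""
        if dst_port != NTP_PORT:
            return "drop"
        self.flows[(src_ip, src_port, dst_ip, dst_port)] = now + STATE_TIMEOUT
        return "accept"

    def inbound(self, now, src_ip, src_port, dst_ip, dst_port):
        """Accept only packets that mirror a live outbound flow."""
        key = (dst_ip, dst_port, src_ip, src_port)
        expiry = self.flows.get(key)
        if expiry is None:
            return "drop"  # unsolicited: there is no inbound rule
        if now > expiry:
            del self.flows[key]
            return "drop"  # state entry has timed out
        return "accept"


def demo():
    """Run constructed packets through the model and return each verdict."""
    fw = StatefulFirewall()
    client, server, peer = "192.0.2.10", "198.51.100.5", "203.0.113.7"
    r = {}
    # Client mode: query goes out, reply returns from the same IP and port.
    r["query"] = fw.outbound(0.0, client, 40123, server, NTP_PORT)
    r["reply"] = fw.inbound(0.1, server, NTP_PORT, client, 40123)
    # Packet from an address that was never queried.
    r["wrong_source"] = fw.inbound(0.2, peer, NTP_PORT, client, 40123)
    # Symmetric-active peer initiating towards us: no state exists for it.
    r["peer_initiated"] = fw.inbound(1.0, peer, NTP_PORT, client, NTP_PORT)
    # Packet arriving after the state entry expired.
    r["late_reply"] = fw.inbound(STATE_TIMEOUT + 5, server, NTP_PORT, client, 40123)
    return r


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15} {verdict}")
```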

