[ntp:questions] Is it possible to run ntpd server behind a firewall?
David L. Mills
mills at udel.edu
Wed Oct 17 16:15:02 UTC 2007
My request for the 123/UDP and 123/TCP port number predated the IANA
some twenty years ago. I wanted to be sure some ill-mannered rascal
didn't poach on 123/TCP. My reasoning was that TCP might someday be used
for monitoring purposes. For the basic on-wire protocol, UDP is the only
choice. Should your network administrator object, he/she gets to use
TCP/DAYTIME or TCP/TIME. You might have trouble finding a server that
supports that. NIST has stood down TCP on the busiest servers, as it is
a clogging vulnerability with thousands of users.
Shaochun Wang wrote:
> Danny Mayer wrote:
>> Shaochun Wang wrote:
>>> The stupid net administrator of my institute blocked all UDP datagrams
>>> in the firewall. I know that NTP uses UDP to do its work, but is it
>>> possible to let ntpd use TCP?
>> No. You cannot "let" ntpd use TCP. NTP is a UDP-only protocol. Talk to
>> your net admin. Maybe he can set up an NTP server on the firewall.
> But why does the following entry exist in the /etc/services file?
> ntp 123/tcp # Network Time Protocol