[ntp:questions] Is it possible to run ntpd server behind a firewall?

David L. Mills mills at udel.edu
Wed Oct 17 16:15:02 UTC 2007


Guys,

My request for the 123/UDP and 123/TCP port number predated the IANA 
some twenty years ago. I wanted to be sure some ill-mannered rascal 
didn't poach on 123/TCP. My reasoning was that TCP might someday be used 
for monitoring purposes. For the basic on-wire protocol, UDP is the only 
choice. Should your network administrator object, he/she gets to use 
TCP/DAYTIME or TCP/TIME. You might have trouble finding a server that 
supports that. NIST has stood down TCP on the busiest servers, as it is 
a clogging vulnerability with thousands of users.

Dave

Shaochun Wang wrote:

> Danny Mayer wrote:
> 
>> Shaochun Wang wrote:
>>
>>> The stupid net administrator of my institute blocked all UDP datagrams
>>> in the firewall. I know that NTP uses UDP to do its work, but is it
>>> possible to let ntpd use TCP?
>>
>>
>> No.  You cannot "let" ntpd use TCP. NTP is a UDP-only protocol. Talk to
>> your net admin. Maybe he can set up an NTP server on the firewall.
>>
>> Danny
> 
> 
> But why does the following entry exist in the /etc/services file?
> 
> ntp             123/tcp                         # Network Time Protocol
> 



