[ntp:questions] Interface restrictions confusing me

Juergen Beisert juergen at kreuzholzen.de
Wed Oct 7 07:08:42 UTC 2009


Hi list,

I'm running ntpd on one of my hosts as a client only. It should not provide
the ntp service to other hosts in my net. So I'm using the following line in
my /etc/ntpd.conf:

  restrict default kod nomodify notrap nopeer noserve

and starting the ntp with the additional "-I lo" parameter.

When the ntp starts, it outputs:

Oct  7 09:04:56 localhost ntpd[730]: ntpd 4.2.4p7@1.1607 Mon Oct  5 15:00:15 UTC 2009 (3)
Oct  7 09:04:56 localhost ntpd[731]: precision = 8.000 usec
Oct  7 09:04:56 localhost ntpd[731]: ntp_io: estimated max descriptors: 1024, initial socket boundary: 16
Oct  7 09:04:56 localhost ntpd[731]: Listening on interface #0 wildcard, 0.0.0.0#123 Disabled
Oct  7 09:04:56 localhost ntpd[731]: Listening on interface #1 lo, 127.0.0.1#123 Enabled
Oct  7 09:04:56 localhost ntpd[731]: Listening on interface #2 eth0, 192.168.1.1#123 Disabled
Oct  7 09:04:56 localhost ntpd[731]: kernel time sync status 0040
Oct  7 09:04:56 localhost ntpd[731]: frequency initialized 0.000 PPM from /var/cache/ntp.drift

But from another host:

$ nmap -sU the_other_host -p 123

Starting Nmap 4.68 ( http://nmap.org ) at 2009-10-07 09:04 CEST
Interesting ports on the_other_host (192.168.1.1):
PORT    STATE         SERVICE
123/udp open|filtered ntp
[...]

Why is port 123 open on eth0?

Regards,
Juergen
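
An added example, not part of the original post: nmap reports a UDP port as open|filtered when its probe gets neither a reply nor an ICMP port-unreachable, so that state alone does not show that ntpd answers time requests on eth0. The Python check below sends a real NTP client request and separates the possible outcomes; the function names and the default target address are assumptions made for this example.

```python
import socket
import sys

NTP_PORT = 123

def build_client_request() -> bytes:
    """48-byte NTP header: LI=0, VN=4, Mode=3 (client); all other fields zero."""
    return bytes([0x23]) + bytes(47)

def classify_ntp(host: str, port: int = NTP_PORT, timeout: float = 2.0) -> str:
    """Send one NTP client request and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on a UDP socket lets the kernel hand an ICMP
        # port-unreachable back to us as a connection error.
        s.connect((host, port))
        try:
            s.send(build_client_request())
            data = s.recv(512)
        except (ConnectionRefusedError, ConnectionResetError):
            return "closed"            # nothing is bound to the port
        except socket.timeout:
            return "open|filtered"     # bound but silent, or dropped by a firewall
    if len(data) < 48 or (data[0] & 0x07) != 4:
        return "unexpected-reply"      # not an NTP server-mode packet
    if data[1] == 0:
        return "kod"                   # stratum 0: kiss-o'-death or unsynchronized
    return "serving"                   # usable time reply: the host acts as a server

if __name__ == "__main__":
    # The target is an assumption; pass the address of the interface to check.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, classify_ntp(target))
```

Run it from another host against the eth0 address: "open|filtered" means no answer was received, while "serving" would mean the restriction is not taking effect.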
