[ntp:questions] Strange NTP Problem
Helfrich Markus
helfrich at rz-zw.fh-kl.de
Thu Jul 31 13:05:11 UTC 2003
Hello,
I got a strange problem with my NTP...
The NTP server has the address 143.93.17.210.
The internal network is connected via a Cisco PIX firewall which
does NAT.
If I query the NTP with Windows XP or ntpdate from the internal net,
it doesn't work.
If I do an ntptrace, the response is OK.
A query from the same subnet as the NTP (143.93.17.0) is OK.
A query of a public NTP, in this case Braunschweig (192.53.103.103),
works fine from the internal and external net.
A query with ntpdate -u is also OK...
If the source port from the client is 123, the PIX uses a privileged
port (<1024) for NAT; in this case the NTP server does not respond.
This is the tcpdump if I do an ntpdate 143.93.17.210:
--- SNIP TCPDUMP UDP PORT 123 ----
root@rztime1 [/etc/init.d] tcpdump udp port 123
tcpdump: listening on eth0
14:58:28.900016 sub16.rz-zw.fh-kl.de.160 > rztime1.rz-zw.fh-kl.de.ntp: v4 client strat 0 poll 4 prec -6 (DF)
14:58:29.899903 sub16.rz-zw.fh-kl.de.160 > rztime1.rz-zw.fh-kl.de.ntp: v4 client strat 0 poll 4 prec -6 (DF)
14:58:30.899922 sub16.rz-zw.fh-kl.de.160 > rztime1.rz-zw.fh-kl.de.ntp: v4 client strat 0 poll 4 prec -6 (DF)
14:58:31.899977 sub16.rz-zw.fh-kl.de.160 > rztime1.rz-zw.fh-kl.de.ntp: v4 client strat 0 poll 4 prec -6 (DF)
--- SNAP --------------------------
Now a tcpdump for an ntpdate -u 143.93.17.210:
-------- SNIP -----------
root@rztime1 [/etc/init.d] tcpdump udp port 123
tcpdump: listening on eth0
15:01:15.650329 sub16.rz-zw.fh-kl.de.1030 > rztime1.rz-zw.fh-kl.de.ntp: v4 client strat 0 poll 4 prec -6 (DF)
15:01:15.652907 rztime1.rz-zw.fh-kl.de.ntp > sub16.rz-zw.fh-kl.de.1030: v4 server strat 2 poll 4 prec -17 (DF) [tos 0x10]
15:01:15.653230 sub16.rz-zw.fh-kl.de.1030 > rztime1.rz-zw.fh-kl.de.ntp: v4 client strat 0 poll 4 prec -6 (DF)
15:01:15.653313 rztime1.rz-zw.fh-kl.de.ntp > sub16.rz-zw.fh-kl.de.1030: v4 server strat 2 poll 4 prec -17 (DF) [tos 0x10]
15:01:15.653575 sub16.rz-zw.fh-kl.de.1030 > rztime1.rz-zw.fh-kl.de.ntp: v4 client strat 0 poll 4 prec -6 (DF)
15:01:15.653650 rztime1.rz-zw.fh-kl.de.ntp > sub16.rz-zw.fh-kl.de.1030: v4 server strat 2 poll 4 prec -17 (DF) [tos 0x10]
15:01:15.653908 sub16.rz-zw.fh-kl.de.1030 > rztime1.rz-zw.fh-kl.de.ntp: v4 client strat 0 poll 4 prec -6 (DF)
15:01:15.654642 rztime1.rz-zw.fh-kl.de.ntp > sub16.rz-zw.fh-kl.de.1030: v4 server strat 2 poll 4 prec -17 (DF) [tos 0x10]
----- SNAP -----------
I don't understand this behavior....
The problem is that the Windows XP client always uses port 123 as
source port and the PIX uses a privileged port ... No Windows client
will work..
Is there a possibility to force the NTP server to answer also for
privileged ports??
Or does anyone know what's going wrong...
--
Best regards,
Helfrich
+------------------------------------------------------+
| Dipl. Inf. (FH) Markus Helfrich |
| Fachhochschule Kaiserslautern Standort Zweibrücken |
| University of applied Science |
| Amerikastr. 1 |
| 66482 Zweibrücken |
| |
| Tel.: +49 6332 914 154 |
| Fax.: +49 6332 914 155 |
| |
| mailto: helfrich at rz-zw.fh-kl.de |
+------------------------------------------------------+
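
Added example, not part of the original post: a Python script that pairs NTP requests and replies in tcpdump output of the form shown above and reports, per client source port, whether the server answered. The function names are hypothetical and the sample lines are a subset copied from the two captures in the post.

```python
import re
from collections import defaultdict

# tcpdump line format as in the post:
#   HH:MM:SS.frac src.port > dst.port: v4 client|server ...
LINE_RE = re.compile(
    r"^\S+\s+(?P<src>\S+)\.(?P<sport>\w+)\s+>\s+(?P<dst>\S+)\.(?P<dport>\w+):"
    r"\s+v\d\s+(?P<mode>client|server)\b"
)

# Subset of the two captures in the post (ntpdate, then ntpdate -u).
SAMPLE = """\
tcpdump: listening on eth0
14:58:28.900016 sub16.rz-zw.fh-kl.de.160 > rztime1.rz-zw.fh-kl.de.ntp: v4 client strat 0 poll 4 prec -6 (DF)
14:58:29.899903 sub16.rz-zw.fh-kl.de.160 > rztime1.rz-zw.fh-kl.de.ntp: v4 client strat 0 poll 4 prec -6 (DF)
15:01:15.650329 sub16.rz-zw.fh-kl.de.1030 > rztime1.rz-zw.fh-kl.de.ntp: v4 client strat 0 poll 4 prec -6 (DF)
15:01:15.652907 rztime1.rz-zw.fh-kl.de.ntp > sub16.rz-zw.fh-kl.de.1030: v4 server strat 2 poll 4 prec -17 (DF) [tos 0x10]
""".splitlines()

def port_number(token):
    """tcpdump prints port 123 as 'ntp'; other service names are not resolved."""
    if token == "ntp":
        return 123
    return int(token) if token.isdigit() else None

def flows_by_port(lines):
    """Return {(client, source_port): [requests, replies]} for NTP traffic."""
    stats = defaultdict(lambda: [0, 0])
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner, prompt or unrelated line
        sport, dport = port_number(m["sport"]), port_number(m["dport"])
        if sport is None or dport is None:
            continue
        if m["mode"] == "client" and dport == 123:
            stats[(m["src"], sport)][0] += 1
        elif m["mode"] == "server" and sport == 123:
            stats[(m["dst"], dport)][1] += 1
    return dict(stats)

def report(lines):
    """One row per client source port, flagging privileged and unanswered ports."""
    return [
        {"client": c, "port": p, "privileged": p < 1024,
         "requests": req, "replies": rep, "answered": rep > 0}
        for (c, p), (req, rep) in sorted(flows_by_port(lines).items())
    ]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```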