[ntp:questions] Interface restrictions confusing me

Brian Utterback brian.utterback at sun.com
Mon Oct 12 18:04:04 UTC 2009


John Hasler wrote:
> Juergen Beisert wrote:
>> Why is port 123 open on eth0?
> 
> David Woolley writes:
>> To allow the replies to come back in from the time servers.  ntpd
>> sends UDP packets with both source and destination set to 123, not
>> just when talking to peers.
> 
> With a stateful firewall it is only necessary to allow outgoing packets
> on a port to establish a connection from inside.  The firewall will
> recognize the reply packets as part of an established connection.

You misunderstand. David's answer has nothing to do with firewalls. 
The ntpd daemon binds the addresses so that it can choose the port and 
addresses to send on.
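
Added example, not part of the original message and not ntpd's code: a Python sketch of why a daemon that binds its UDP socket shows the port as open on that interface. Assumptions: loopback stands in for eth0, an unprivileged free port stands in for 123, and all names are hypothetical.

```python
import socket

ADDR = "127.0.0.1"  # assumption: stand-in for the address on eth0


def udp_socket(port=None):
    """UDP socket; bound to ADDR:port only when a port is given."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(2.0)
    if port is not None:
        s.bind((ADDR, port))
    return s


def free_port():
    """Pick an unprivileged port to play the role of 123."""
    probe = udp_socket(0)
    port = probe.getsockname()[1]
    probe.close()
    return port


def demo():
    server = udp_socket(0)  # constructed stand-in for a time server
    server_addr = server.getsockname()

    # Daemon style: bind first, so source address and port are chosen.
    chosen = (ADDR, free_port())
    bound = udp_socket(chosen[1])
    bound.sendto(b"request", server_addr)
    _, bound_source = server.recvfrom(64)

    # Ordinary client: no bind, the kernel assigns an ephemeral port.
    unbound = udp_socket()
    unbound.sendto(b"request", server_addr)
    _, unbound_source = server.recvfrom(64)

    # Consequence of binding: the socket is open to any sender on that
    # address and port, which is what netstat or a port scan reports.
    stranger = udp_socket()
    stranger.sendto(b"unsolicited", chosen)
    unsolicited, _ = bound.recvfrom(64)

    for s in (server, bound, unbound, stranger):
        s.close()
    return {"chosen": chosen, "bound_source": bound_source,
            "unbound_source": unbound_source, "unsolicited": unsolicited}


if __name__ == "__main__":
    print(demo())
```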



