Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

NTPD: use an unrestricted port for communication

Tags:

unix

time

ntpd

When querying ntp servers with the command ntpdate, I can use the -u argument to make the source port an unrestricted port (port 1024 and above).

With ntpd, which is meant to run in the background, I can't seem to find a way to turn this option on. So the source port is always 123. It's playing around horribly with my firewall configuration.

Is there a configuration option in ntp.conf to make it use a random source port?

like image 457
Cetra Avatar asked Oct 24 '08 07:10

Cetra

People also ask

What port does ntpd use?

NTP is a built-on UDP, where port 123 is used for NTP server communication and NTP clients use port 1023 (for example, a desktop).

What is the difference between ntpd and ntpdate?

Following is a summary of the differences between these commands: ntpdate synchronizes the clock with an NTP server one time whereas ntp starts and stops the Network Time Protocol Daemon (ntpd) service, and the ntpd keeps Director's clock in synchronization constantly.

Can we change NTP port?

You cannot change the NTP port but you can add an iptables cmd to redirect it through a VPN port.

What is the difference between Chronyd and ntpd?

One of the main differences between ntpd and chronyd is in the algorithms used to control the computer's clock. Things chronyd can do better than ntpd are: chronyd can work well when external time references are only intermittently accessible, whereas ntpd needs regular polling of time reference to work well.

3 Answers

Doesn't sound look this is possible...see the ntp troubleshooting page:

If you're going to run ntpd, you need to fix your network/firewall/NAT so that ntpd can have full unrestricted access to UDP port 123 in both directions.

If this is not possible, you may need to run ntpd on the firewall itself, so that it can have full unrestricted access to UDP port 123 in both directions, and then have it serve time to your internal clients.

If that's not possible, your only other option may be to buy the necessary hardware to connect to one or more of your own computers and run your own Stratum 1 time server or buy a pre-packaged Stratum 1 time server.

like image 110
Andy Whitfield Avatar answered Sep 28 '22 17:09

Andy Whitfield

I managed to solve this by replacing the official NTPD with OpenNTPD. While official NTPD is fixed to UDP port 123, OpenNTPD uses unprivileged ports.

like image 8
Onestone Avatar answered Sep 28 '22 17:09

Onestone

I've had this problem before and couldn't find a solution. I ended up just adding an entry to crontab that runs ntpdate once an hour. That gives good enough resolution for anything I do, since my clock never drifts more than 1 second per hour.

like image 3
davr Avatar answered Sep 28 '22 17:09

davr
Sign in to Comment

Related questions

how to keep file ownership while using tar
Is it good programming practice to use setjmp and longjmp in C?
what is the relationship between X11 and gnome? [closed]
Syntax error: operand expected (error token is "+")
how to use sed to extract lines in specified order?
fork and existing threads?
changing to parent directory in unix
Write STDOUT & STDERR to a logfile, also write STDERR to screen
How to view and edit the ephemeral port range on Linux?
How to duplicate a request using wget (or curl) with raw headers?
How can I merge PDF files (or PS if not possible) such that every file will begin in a odd page?
Understanding Linux directory permissions reasoning
Unix permissions, read vs. execute (PHP context)
What are all the differences between pipes and message queues?
Maximum file size given a particular inode structure?
Does cron expression in unix/linux allow specifying exact start and end dates
wc gzipped files?
COFF on Linux or ELF on Windows
Zombie processes
In UNIX what "cat file1 > file1 does?"

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!