NTPD: use an unrestricted port for communication

Tags:

unix

time

ntpd

When querying ntp servers with the command ntpdate, I can use the -u argument to make the source port an unrestricted port (port 1024 and above).

With ntpd, which is meant to run in the background, I can't seem to find a way to turn this option on. So the source port is always 123. It's playing around horribly with my firewall configuration.

Is there a configuration option in ntp.conf to make it use a random source port?

asked Oct 24 '08 by Cetra



3 Answers

Doesn't sound like this is possible... see the ntp troubleshooting page:

If you're going to run ntpd, you need to fix your network/firewall/NAT so that ntpd can have full unrestricted access to UDP port 123 in both directions.

If this is not possible, you may need to run ntpd on the firewall itself, so that it can have full unrestricted access to UDP port 123 in both directions, and then have it serve time to your internal clients.

If that's not possible, your only other option may be to buy the necessary hardware to connect to one or more of your own computers and run your own Stratum 1 time server or buy a pre-packaged Stratum 1 time server.

answered Sep 28 '22 by Andy Whitfield
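The reason the firewall cares about the source port is visible in the protocol itself: an NTP server sends its reply back to whatever UDP port the request came from. `ntpdate -u` sends from an ephemeral port (1024 and up), so the reply looks like any ordinary outbound UDP flow to a stateful firewall; ntpd sends from port 123, so the reply arrives as UDP sport 123 to dport 123 and needs a rule that admits exactly that. The following is an added example (not code from the page, from ntpd or from the NTP project) of a minimal NTP client that builds a mode-3 request, parses a mode-4 reply and computes offset and delay. It can bind either kind of source port to reproduce the two behaviours; the sample reply used for the offline demo is constructed, and the `query()` function is a hypothetical helper, not anything ntpdate or ntpd expose.

```python
"""Minimal NTP v4 client: build a mode-3 request, parse a mode-4 reply.

Added example, not code from the original page or from the NTP project.
The server replies to the UDP port the request was sent from, which is
why the choice of source port (ephemeral as with ntpdate -u, or 123 as
ntpd does) decides what the firewall has to let back in.
"""
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01
NTP_PACKET_FMT = "!BBBb11I"    # 48-byte header, no extension fields
MODE_CLIENT = 3
MODE_SERVER = 4


def to_ntp_ts(unix_time):
    """Unix float seconds -> (seconds, fraction) 32-bit NTP timestamp words."""
    secs = int(unix_time) + NTP_EPOCH_OFFSET
    frac = int((unix_time - int(unix_time)) * (1 << 32))
    return secs & 0xFFFFFFFF, frac & 0xFFFFFFFF


def from_ntp_ts(secs, frac):
    """(seconds, fraction) NTP words -> Unix float seconds."""
    return secs - NTP_EPOCH_OFFSET + frac / (1 << 32)


def build_request(transmit_time):
    """Mode-3 client packet: LI=0, VN=4, only the transmit timestamp set."""
    secs, frac = to_ntp_ts(transmit_time)
    li_vn_mode = (0 << 6) | (4 << 3) | MODE_CLIENT
    return struct.pack(NTP_PACKET_FMT, li_vn_mode, 0, 0, 0,
                       0, 0, 0, 0, 0, 0, 0, 0, 0, secs, frac)


def build_reply(orig_secs, orig_frac, t2, t3, stratum=2):
    """Constructed mode-4 server reply, used only for the offline demo/test."""
    r2s, r2f = to_ntp_ts(t2)
    r3s, r3f = to_ntp_ts(t3)
    li_vn_mode = (0 << 6) | (4 << 3) | MODE_SERVER
    return struct.pack(NTP_PACKET_FMT, li_vn_mode, stratum, 6, -20,
                       0, 0, 0, 0, 0, orig_secs, orig_frac, r2s, r2f, r3s, r3f)


def parse_reply(data, t1, t4):
    """Validate a mode-4 reply and return (offset, delay) in seconds.

    t1 / t4 are the client's send and receive times (Unix float seconds).
    Raises ValueError for anything that is not a plausible, fresh reply.
    """
    if len(data) < 48:
        raise ValueError("short packet")
    f = struct.unpack(NTP_PACKET_FMT, data[:48])
    leap, mode, stratum = f[0] >> 6, f[0] & 0x7, f[1]
    if mode != MODE_SERVER:
        raise ValueError("not a server reply (mode %d)" % mode)
    if leap == 3 or stratum == 0:
        raise ValueError("server unsynchronised or kiss-o'-death (stratum 0)")
    # The originate timestamp must echo our transmit timestamp exactly;
    # otherwise the reply is stale, or not an answer to our request.
    if (f[9], f[10]) != to_ntp_ts(t1):
        raise ValueError("originate timestamp does not match request")
    t2 = from_ntp_ts(f[11], f[12])   # server receive time
    t3 = from_ntp_ts(f[13], f[14])   # server transmit time
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def query(server, source_port=0, timeout=2.0):
    """Hypothetical helper: one request/reply exchange, returns (offset, delay).

    source_port=0 lets the kernel pick an ephemeral port, like ntpdate -u.
    source_port=123 reproduces ntpd's behaviour: it needs root, and the
    firewall must admit the reply as UDP sport 123 -> dport 123.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind(("0.0.0.0", source_port))
        sock.settimeout(timeout)
        t1 = time.time()
        sock.sendto(build_request(t1), (server, 123))
        data, _ = sock.recvfrom(512)
        t4 = time.time()
        return parse_reply(data, t1, t4)
    finally:
        sock.close()


if __name__ == "__main__":
    # Offline demo with a constructed reply: server clock 0.5 s ahead of
    # ours, 10 ms one-way network delay, 1 ms server processing time.
    t1 = 1700000000.0
    osec, ofrac = to_ntp_ts(t1)
    reply = build_reply(osec, ofrac, t1 + 0.510, t1 + 0.511)
    print("offset %.6f s, delay %.6f s" % parse_reply(reply, t1, t1 + 0.021))
```

Running `query("pool.ntp.org")` as an unprivileged user behaves like `ntpdate -u`; `query("pool.ntp.org", source_port=123)` as root behaves like ntpd and will time out behind a firewall that only tracks outbound flows from high ports, which is the situation the answer above describes. The fix for ntpd is therefore a rule permitting UDP port 123 to port 123 in both directions, not a client-side port option.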


I managed to solve this by replacing the official NTPD with OpenNTPD. While official NTPD is fixed to UDP port 123, OpenNTPD uses unprivileged ports.

answered Sep 28 '22 by Onestone


I've had this problem before and couldn't find a solution. I ended up just adding an entry to crontab that runs ntpdate once an hour. That gives good enough resolution for anything I do, since my clock never drifts more than 1 second per hour.

answered Sep 28 '22 by davr