[SOLVED] inbound/outbound connections required for NTP?
A server has no idea who its clients are; it's totally stateless, and in standard client/server style usage there is only ever a request from the client to the server, which is a request for the current time. There is, to my knowledge, no other NTP request possible. It's not possible to "send" the time, only request it.
Just in case anyone else was looking...this thread seems a bit misleading.
NTP is a UDP based protocol. That means that there is no end to end communication. You send a packet or you receive a packet, and that's the end of it.
With NTP, you send a request packet out. The server then sends a response packet back.
Those are two separate connections...so it is required that your firewall allow NTP (123/udp) inbound as well as outbound.
As far as I know, there isn't a way to do NTP without opening your firewall, using a DMZ, or setting up your own stratum 1 server.
No dude, that's not true at all. Any decent firewall will permit connection tracking on UDP. You couldn't possibly do NAT if it couldn't. If I have 20 PCs on a private LAN and they all sync to pool.ntp.org, in your explanation, a client sends an NTP query, the firewall NATs the LAN IP to a public IP and off it goes. Independently, and supposedly oblivious to the request being made, an unknown server on the internet fires an NTP response at the firewall. What then? How is this data ever supposed to get back to the internal client? Why would a client allow it blindly in?
UDP originally mandated 123 as the SOURCE port, but this is no longer required in any modern implementation of the service.
I'd suggest reading up more about UDP in general before signing up just to provide incorrect information :-)
But now you have signed up, please feel more than welcome to stay a while.
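
The UDP connection tracking discussed in the reply above, as an added example that is not part of the original thread: a toy Python model of a NAT firewall's flow table, showing how a reply is matched to the request that caused it while an unsolicited or late datagram is dropped. The class name, addresses, port numbers and 30-second idle timeout are assumptions made for illustration, not values from any real firewall.

```python
# Toy model of a stateful NAT firewall's UDP flow table; all values are constructed.
class UdpNatTracker:
    def __init__(self, public_ip, timeout=30.0):
        self.public_ip = public_ip
        self.timeout = timeout    # idle seconds before a flow is forgotten (assumed)
        self.next_port = 40000    # next public source port to hand out (assumed)
        self.by_flow = {}         # (lan_ip, lan_port, dst_ip, dst_port) -> public_port
        self.by_reply = {}        # (public_port, dst_ip, dst_port) -> [lan_ip, lan_port, expires]

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port, now):
        """LAN host sends a datagram: create or refresh the flow entry."""
        flow = (lan_ip, lan_port, dst_ip, dst_port)
        public_port = self.by_flow.get(flow)
        if public_port is None:
            public_port = self.next_port
            self.next_port += 1
            self.by_flow[flow] = public_port
        self.by_reply[(public_port, dst_ip, dst_port)] = [lan_ip, lan_port, now + self.timeout]
        return self.public_ip, public_port

    def inbound(self, src_ip, src_port, public_port, now):
        """Datagram hits the public side: forward only a reply to a live flow."""
        key = (public_port, src_ip, src_port)
        entry = self.by_reply.get(key)
        if entry is None:
            return None                   # unsolicited: no request was ever sent there
        lan_ip, lan_port, expires = entry
        if now > expires:
            del self.by_reply[key]        # idle too long: the entry has expired
            del self.by_flow[(lan_ip, lan_port, src_ip, src_port)]
            return None
        entry[2] = now + self.timeout     # traffic keeps the flow alive
        return lan_ip, lan_port

def demo():
    fw = UdpNatTracker("203.0.113.5")
    server = ("198.51.100.7", 123)
    # Two LAN clients, both using source port 123, query the same server.
    _, port_a = fw.outbound("192.168.1.10", 123, *server, now=0.0)
    _, port_b = fw.outbound("192.168.1.11", 123, *server, now=0.1)
    return {
        "reply_a": fw.inbound(*server, port_a, now=0.2),                 # forwarded
        "reply_b": fw.inbound(*server, port_b, now=0.3),                 # forwarded
        "stranger": fw.inbound("198.51.100.99", 123, port_a, now=0.4),   # dropped
        "late": fw.inbound(*server, port_b, now=60.0),                   # dropped
    }

if __name__ == "__main__":
    print(demo())
```
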