[SOLVED] inbound/outbound connections required for NTP?
A server has no idea who its clients are; it's totally stateless, and in standard client/server style usage there is only ever a request from the client to the server, which is a request for the current time. There is, to my knowledge, no other NTP request possible. It's not possible to "send" the time, only request it.
Just in case anyone else was looking...this thread seems a bit misleading.
NTP is a UDP-based protocol. That means that there is no end-to-end communication. You send a packet or you receive a packet, and that's the end of it.
With NTP, you send a request packet out. The server then sends a response packet back.
Those are two separate connections...so it is required that your firewall allow NTP (123/udp) inbound as well as outbound.
As far as I know, there isn't a way to do NTP without opening your firewall, using a DMZ, or setting up your own stratum 1 server.
No dude, that's not true at all. Any decent firewall will permit connection tracking on UDP. You couldn't possibly do NAT if it couldn't. If I have 20 PCs on a private LAN and they all sync to pool.ntp.org, in your explanation, a client sends an NTP query, the firewall NATs the LAN IP to a public IP and off it goes. Independently, and supposedly oblivious to the request being made, an unknown server on the internet fires an NTP response at the firewall. What then? How is this data ever supposed to get back to the internal client? Why would a client allow it blindly in?
UDP originally mandated 123 as the SOURCE port, but this is no longer required in any modern implementation of the service.
I'd suggest you read up more about UDP in general before signing up just to provide incorrect information :-)
But now you have signed up, please feel more than welcome to stay a while.
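
The UDP connection tracking and NAT behaviour argued over in this thread, as an added example that is not part of the original posts: a toy Python model of a NAT firewall that records each outbound query and forwards an inbound datagram only when it answers a recorded flow. The class name, addresses, port numbers and the 30-second timeout are constructed for illustration and do not reproduce any particular firewall's implementation.

```python
import time

NTP_PORT = 123
UDP_TIMEOUT = 30.0  # seconds a UDP flow stays tracked (assumed value for this sketch)


class NatFirewall:
    """Toy stateful firewall with source NAT; models the idea, not netfilter's code."""

    def __init__(self, public_ip, clock=time.monotonic):
        self.public_ip = public_ip
        self.clock = clock
        self.next_port = 40000
        # (public_port, remote_ip, remote_port) -> (lan_ip, lan_port, expiry)
        self.flows = {}

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN client sends a datagram: rewrite the source and record the flow."""
        public_port = self.next_port
        self.next_port += 1
        expiry = self.clock() + UDP_TIMEOUT
        self.flows[(public_port, remote_ip, remote_port)] = (lan_ip, lan_port, expiry)
        return self.public_ip, public_port

    def inbound(self, remote_ip, remote_port, public_port):
        """A datagram reaches the public side: forward only if it answers a live flow."""
        key = (public_port, remote_ip, remote_port)
        flow = self.flows.get(key)
        if flow is None:
            return None  # unsolicited: no client asked this host, so drop it
        lan_ip, lan_port, expiry = flow
        if self.clock() > expiry:
            del self.flows[key]
            return None  # reply arrived after the tracking entry timed out, drop
        return lan_ip, lan_port


if __name__ == "__main__":
    fw = NatFirewall("203.0.113.1")   # constructed addresses (RFC 5737 ranges)
    server = "192.0.2.10"
    for host in range(1, 21):         # the 20 LAN PCs from the post
        lan_ip = f"192.168.1.{host}"
        _, pub_port = fw.outbound(lan_ip, 50000 + host, server, NTP_PORT)
        print(lan_ip, "<-", fw.inbound(server, NTP_PORT, pub_port))
    print("unsolicited:", fw.inbound("198.51.100.7", NTP_PORT, 40000))
```

Each reply is matched on the full tuple of public port, remote address and remote port, which is why 20 clients can share one public address and why a datagram from a host nobody queried is dropped without any inbound 123/udp rule.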