Redirection of outbound UDP port NTP.
Posted
by pboin
on Server Fault
See other posts from Server Fault
or by pboin
Published on 2010-04-20T12:21:52Z
Indexed on
2010/04/20
12:23 UTC
Read the original article
Hit count: 290
For my residential service, I changed ISPs to Zoom/Armstrong. Just after that, my NTP daemons stopped working. I dug deep and diagnosed the problem:
Unprivileged ports are getting out. When i run 'ntpdate' for example, I go out on a high, unprivleged port, and get a response on UDP 123. That's fine. The 'ntpd' daemon though, expects to go out on 123 and get its reply there as well. This must be a common problem, because it's directly addressed in the NTP troubleshooting guide.
Just to see what would happen, I wrote a detailed email to the general support address at Armstrong. They replied almost immediately with a complete technical answer! They have everything <1024 blocked, except for a few ports to support outbound VPN.
So, the question:
Can I use IPtables to essentially re-write my outbound UDP 123 up to 2123 or something like that? If I do, does there need to be a corresponding 2123->123 rule to translate the reply? This seems like NAT, but with ports, not addresses.
True, I could run ntpdate from cron, but that loses all of the adjustment smarts of NTP.
© Server Fault or respective owner