NTPD: use an unrestricted port for communication

Accepted answer
Score: 13

Doesn't sound like this is possible... see the NTP troubleshooting page:

If you're going to run ntpd, you need to fix your network/firewall/NAT so that ntpd can have full unrestricted access to UDP port 123 in both directions.

If this is not possible, you may need to run ntpd on the firewall itself, so that it can have full unrestricted access to UDP port 123 in both directions, and then have it serve time to your internal clients.

If that's not possible, your only other option may be to buy the necessary hardware to connect to one or more of your own computers and run your own Stratum 1 time server or buy a pre-packaged Stratum 1 time server.

Score: 8

I managed to solve this by replacing the official NTPD with OpenNTPD. While official NTPD is fixed to UDP port 123, OpenNTPD uses unprivileged ports.

Score: 3

I've had this problem before and couldn't find a solution. I ended up just adding an entry to crontab that runs ntpdate once an hour. That gives good enough resolution for anything I do, since my clock never drifts more than 1 second per hour.

Score: 2

You can use source NAT on the host running ntpd to replace the 123 source port with a port number above 1024.

Score: 1

You cannot change the NTP port, but you can add an iptables cmd to redirect it through a VPN port.

Details: http://openvpn.net/archive/openvpn-users/2007-11/msg00223.html

Score: 1

As @Andy_Whitfield wrote, ntpd cannot do this. But there are alternatives like OpenNTPD and Chrony. AFAIK, Chrony is also used by Android.

In my setup, I use chrony. It uses an unprivileged port for asking remote servers. This technique has a much better chance of passing a NAT. By the way, it's the same mechanism that ntpdate -q uses for querying the server, but only when called as an unprivileged user.

I think the main reason it sometimes doesn't work is that many routers have NTP implemented themselves to set their internal clock. On these devices the port is in use and thus cannot be NATed. This might even be the case if the device doesn't respond to NTP queries.
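
The client-mode query from an unprivileged source port that the chrony and ntpdate -q answers describe, as an added example that is not part of any answer on this page. The function names and the sample reply are constructed for illustration; the packet layout is the standard 48-byte NTP header.

```python
import socket
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)

def build_request() -> bytes:
    """48-byte client request: LI=0, VN=4, Mode=3 (client); other fields zero."""
    return bytes([(0 << 6) | (4 << 3) | 3]) + bytes(47)

def parse_response(data: bytes) -> dict:
    """Validate a server reply and return mode, stratum and Unix transmit time."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    first, stratum = data[0], data[1]
    mode = first & 0x07
    if mode != 4:
        raise ValueError(f"unexpected mode {mode}, wanted 4 (server)")
    if stratum == 0:
        raise ValueError("kiss-o'-death or unsynchronised server")
    secs, frac = struct.unpack("!II", data[40:48])  # transmit timestamp field
    return {"mode": mode, "stratum": stratum,
            "unix_time": secs - NTP_EPOCH_OFFSET + frac / 2**32}

def query(server: str, timeout: float = 3.0) -> dict:
    """Send one query from an OS-chosen ephemeral source port (not 123)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("", 0))  # port 0: the kernel picks an unprivileged source port
        src_port = s.getsockname()[1]
        s.sendto(build_request(), (server, 123))  # destination stays UDP 123
        data, _ = s.recvfrom(512)
    result = parse_response(data)
    result["source_port"] = src_port
    return result

# Constructed sample reply: LI=0 VN=4 Mode=4, stratum 2,
# transmit timestamp = 2024-01-01T00:00:00.5Z
SAMPLE_REPLY = (bytes([0x24, 2, 6, 0xEC]) + bytes(36)
                + struct.pack("!II", 1704067200 + NTP_EPOCH_OFFSET, 2**31))

if __name__ == "__main__":
    print(parse_response(SAMPLE_REPLY))
```

Only the source port differs from ntpd's behaviour here; the firewall or NAT still has to allow outbound UDP to port 123 and the matching reply.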
