Chuck Swiger cswiger at
Fri Jul 18 00:07:26 UTC 2008

On Jul 17, 2008, at 4:35 PM, Max Laier wrote:
>> David Mills' ntpd uses port 123 on both sides, true.  Other NTP
>> implementations tend to use ephemeral ports; a quick histogram of 30
>> seconds or so of traffic to a stratum-2 NTP server suggests about half
>> of the NTP traffic out there uses other ports.
> Don't forget PNAT.  I'd also argue that the rc.firewall6 in base is
> supposed to work with the ntpd in base.  We should, however, not forget
> about ntpdate, which seems to use ephemeral ports.

Certainly some forms of NAT might also "scrub" ntpd's use of port 123  
to some random higher port, true enough.  It's not recommended that  
machines providing time service to others have NAT in the way, though,  
so that circumstance wasn't at the top of my mind.  :-)

