Date: Tue, 01 Dec 2015 10:09:16 -0600
From: Mark Felder <feld@FreeBSD.org>
To: elof2@sentor.se, Matthew Seaman <matthew@FreeBSD.org>
Cc: "freebsd-net" <freebsd-net@freebsd.org>
Subject: Re: IPFW blocked my IPv6 NTP traffic
Message-ID: <1448986156.1288999.454817825.3C08D1EA@webmail.messagingengine.com>
In-Reply-To: <alpine.BSF.2.00.1512011650350.54839@farmermaggot.shire.sentor.se>
References: <1448920706.962818.454005905.61CF9154@webmail.messagingengine.com> <1448956697.854911427.15is5btc@frv34.fwdcdn.com> <1448982333.1269981.454734633.11BA4DB2@webmail.messagingengine.com> <565DBA5B.20203@FreeBSD.org> <alpine.BSF.2.00.1512011650350.54839@farmermaggot.shire.sentor.se>

On Tue, Dec 1, 2015, at 09:53, elof2@sentor.se wrote:
>
> On Tue, 1 Dec 2015, Matthew Seaman wrote:
>
> > On 2015/12/01 15:05, Mark Felder wrote:
> >> Notice how almost all of them are port 123 on both sides, but a few of
> >> them are not. Why? The RFC says that NTP is supposed to be using port
> >> 123 as both the source and destination port, but I clearly have
> >> something happening on port 16205. Is something screwy with ntpd in
> >> CURRENT?
> >
> > NTP not using port 123 as the source port usually indicates that it is
> > behind a NAT gateway at the other end. It's harmless and fairly common.
>
> ...or simply that it is an ntp *client* like ntpdate, and not a daemon.
> Clients often use a random source port, while ntpd uses source port 123.
>

I wouldn't expect something in pool.ntp.org to be behind NAT and this
wasn't an ntp client like ntpdate, but those are both interesting
scenarios. Perhaps I'm just naive and they have a good reason for using
NAT in front of that NTP server.

-- 
Mark Felder
ports-secteam member
feld@FreeBSD.org