[chrony-users] firewalling chrony


Hi,

It seems that chronyd, when acting as a client, uses both srcport 1024
through 65535 as well as port 123 to query external ntp-servers.

It makes discriminating between server traffic and client traffic
hard, as both use packets with dstport=123 and srcport=123.

I think ntpd does this as well, so I wonder is this mandated by
the protocol?

If not, how can I tell chronyd not to use srcport=123 when querying
external servers while still serving ntp on port 123 to its clients?

-- 
Leo Baltus, internetbeheerder
NPO ICT Internet Services
Bart de Graaffweg 2, 1217 ZL Hilversum
servicedesk@xxxxxxxxx, 035-6773555
