Re: [chrony-users] Many servers became unreachable


Miroslav Lichvar wrote:
On Mon, Jun 01, 2015 at 07:36:37PM +0200, Roel Schroeven wrote:
Roel Schroeven wrote on 2015-06-01 17:41:
That setup has worked nicely for quite some time, but today suddenly it
failed: chrony can't connect to its upstream servers anymore, and I have no
idea why.
Everything works again now. It's a complete mystery to me.
It's probably the NAT on your firewall giving you source ports below
123, which older ntpd versions reject as bogus:

ntpdate -q works because it uses a random source port. chronyd
in recent versions does that too by default.
Aha, that sounds plausible.

According to tcpdump, initially chrony sends requests from a random port (41820 in this case) and does indeed receive replies; after that it starts using port 123 and receives no more replies. I can't see what the NAT does with that, so I assume you're right.

Thanks for clearing up the mystery!

Best regards,
"Life ain't no fairy tale
Just give me another ale
And I'll drink to Rock 'n Roll"
        -- Barkeep (The Scabs)
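
An added example, not part of the original thread: the tcpdump check described above (requests answered from a random source port, unanswered once the source port becomes 123), done as a script over text output of `tcpdump -n udp port 123`. The capture lines and addresses are constructed, and the function names are hypothetical; a capture taken on the client shows the port before NAT, so it can confirm the symptom but not the port the NAT chose.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n udp port 123` output (documentation addresses).
SAMPLE = """\
17:41:02.100000 IP 192.0.2.10.41820 > 203.0.113.5.123: NTPv4, Client, length 48
17:41:02.130000 IP 203.0.113.5.123 > 192.0.2.10.41820: NTPv4, Server, length 48
17:42:06.100000 IP 192.0.2.10.123 > 203.0.113.5.123: NTPv4, Client, length 48
17:43:10.100000 IP 192.0.2.10.123 > 203.0.113.5.123: NTPv4, Client, length 48
17:44:14.100000 IP 192.0.2.10.123 > 203.0.113.5.123: NTPv4, Client, length 48
"""

# tcpdump prints IPv4 endpoints as addr.port; the last dotted field is the port.
LINE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"NTPv\d, (?P<mode>Client|Server)"
)


def reply_stats(capture, client_ip):
    """Return {client source port: [requests sent, replies received]}."""
    stats = defaultdict(lambda: [0, 0])
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an NTP client/server line
        if m["mode"] == "Client" and m["src"] == client_ip:
            stats[int(m["sport"])][0] += 1
        elif m["mode"] == "Server" and m["dst"] == client_ip:
            stats[int(m["dport"])][1] += 1
    return dict(stats)


def silent_ports(stats, min_requests=3):
    """Source ports that sent at least min_requests requests and got no reply."""
    return sorted(p for p, (sent, got) in stats.items()
                  if sent >= min_requests and got == 0)


if __name__ == "__main__":
    stats = reply_stats(SAMPLE, "192.0.2.10")
    for port, (sent, got) in sorted(stats.items()):
        print(f"source port {port}: {sent} requests, {got} replies")
    print("unanswered source ports:", silent_ports(stats))
```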