Re: [chrony-users] Many servers became unreachable
Miroslav Lichvar wrote:
> On Mon, Jun 01, 2015 at 07:36:37PM +0200, Roel Schroeven wrote:
> > Roel Schroeven wrote on 2015-06-01 17:41:
> > > That setup has worked nicely for quite some time, but today suddenly it failed: chrony can't connect to its upstream servers anymore, and I have no idea why.
> >
> > Everything works again now. It's a complete mystery to me.
>
> It's probably the NAT on your firewall giving you source ports below 123, which older ntpd versions reject as bogus:
>
> https://bugs.ntp.org/show_bug.cgi?id=2174
>
> ntpdate -q works because it uses a random source port. chronyd in recent versions does that too by default.

Aha, that sounds plausible.
According to tcpdump, initially chrony sends requests from a random port (41820 in this case) and does indeed receive replies; after that it starts using port 123 and receives no more replies. I can't see what the NAT does with that, so I assume you're right.
Thanks for clearing up the mystery!
--
"Life ain't no fairy tale
  Just give me another ale
  And I'll drink to Rock 'n Roll"
  -- Barkeep (The Scabs)
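One way to check a capture for the pattern described in this thread, as an added example that is not part of the original messages: it reads `tcpdump -n` text output and reports, per client source port, how many NTP requests went out and how many replies came back. The addresses, the port 87 mapping and the sample lines are constructed, and the WAN-side lines assume a second capture taken outside the NAT.

```python
import re
from collections import defaultdict

NTP_PORT = 123
# tcpdump -n text line, e.g.
#   19:36:01.100000 IP 192.0.2.10.41820 > 198.51.100.1.123: NTPv4, Client, length 48
LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): NTPv\d"
)

# Constructed sample: LAN-side view (client 192.0.2.10) followed by a
# WAN-side view of the same host after NAT (public address 203.0.113.5).
SAMPLE = """\
19:36:01.100000 IP 192.0.2.10.41820 > 198.51.100.1.123: NTPv4, Client, length 48
19:36:01.120000 IP 198.51.100.1.123 > 192.0.2.10.41820: NTPv4, Server, length 48
19:36:03.100000 IP 192.0.2.10.41820 > 198.51.100.1.123: NTPv4, Client, length 48
19:36:03.121000 IP 198.51.100.1.123 > 192.0.2.10.41820: NTPv4, Server, length 48
19:37:07.100000 IP 192.0.2.10.123 > 198.51.100.1.123: NTPv4, Client, length 48
19:38:11.100000 IP 192.0.2.10.123 > 198.51.100.1.123: NTPv4, Client, length 48
19:38:12.000000 IP 192.0.2.10.53211 > 198.51.100.53.53: 1234+ A? example.org. (29)
19:37:07.101000 IP 203.0.113.5.87 > 198.51.100.1.123: NTPv4, Client, length 48
19:38:11.101000 IP 203.0.113.5.87 > 198.51.100.1.123: NTPv4, Client, length 48
"""

def summarize(lines, client_ip):
    """Per client source port: NTP requests sent and replies received."""
    stats = defaultdict(lambda: {"sent": 0, "answered": 0})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not an NTP packet
        sport, dport = int(m["sport"]), int(m["dport"])
        if m["src"] == client_ip and dport == NTP_PORT:
            stats[sport]["sent"] += 1
        elif m["dst"] == client_ip and sport == NTP_PORT:
            stats[dport]["answered"] += 1
    return dict(stats)

def unanswered_ports(stats):
    """Source ports that sent requests but never got a reply."""
    return sorted(p for p, s in stats.items() if s["sent"] and not s["answered"])

def low_source_ports(stats):
    """Ports below 123, which the reply above says older ntpd rejects as bogus."""
    return sorted(p for p, s in stats.items() if s["sent"] and p < NTP_PORT)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.5"):
        st = summarize(SAMPLE.splitlines(), ip)
        print(ip, st, "unanswered:", unanswered_ports(st), "low:", low_source_ports(st))
```

On the LAN side only the switch from the random port to port 123 is visible; a source port below 123 can only show up in a capture taken after the NAT has rewritten it.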