Re: [chrony-users] Many servers became unreachable



Miroslav Lichvar wrote:
> On Mon, Jun 01, 2015 at 07:36:37PM +0200, Roel Schroeven wrote:
>> Roel Schroeven wrote on 2015-06-01 17:41:
>>> That setup has worked nicely for quite some time, but today suddenly it
>>> failed: chrony can't connect to its upstream servers anymore, and I have no
>>> idea why.
>>
>> Everything works again now. It's a complete mystery to me.
>
> It's probably the NAT on your firewall giving you source ports below
> 123, which older ntpd versions reject as bogus:
>
> https://bugs.ntp.org/show_bug.cgi?id=2174
>
> ntpdate -q works because it uses a random source port. chronyd
> in recent versions does that too by default.

Aha, that sounds plausible.

According to tcpdump, initially chrony sends requests from a random port (41820 in this case) and does indeed receive replies; after that it starts using port 123 and receives no more replies. I can't see what the NAT does with that, so I assume you're right.

Thanks for clearing up the mystery!


Best regards,
Roel
-- 
"Life ain't no fairy tale
Just give me another ale
And I'll drink to Rock 'n Roll"
        -- Barkeep (The Scabs)
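
Added example, not part of the original message: a Python script that tallies NTP requests and replies per local source port from `tcpdump -n` text output, which is the comparison described in the message above. The capture lines, addresses and function names are constructed for illustration; the source port after NAT is not visible in a client-side capture, so the helper for the server-side check takes it as an input.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -n udp port 123` text format (not from the thread).
SAMPLE = """\
17:40:01.000100 IP 192.0.2.10.41820 > 198.51.100.7.123: NTPv4, Client, length 48
17:40:01.021300 IP 198.51.100.7.123 > 192.0.2.10.41820: NTPv4, Server, length 48
17:41:05.000200 IP 192.0.2.10.123 > 198.51.100.7.123: NTPv4, Client, length 48
17:42:09.000300 IP 192.0.2.10.123 > 198.51.100.7.123: NTPv4, Client, length 48
17:43:13.000400 IP 192.0.2.10.123 > 198.51.100.7.123: NTPv4, Client, length 48
"""

# addr.port > addr.port: NTPvN, Client|Server
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): NTPv\d, (Client|Server)")


def tally(capture, local_ip):
    """Count requests sent and replies received per (local source port, server)."""
    stats = defaultdict(lambda: {"sent": 0, "answered": 0})
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, mode = m.groups()
        if mode == "Client" and src == local_ip:
            stats[(int(sport), dst)]["sent"] += 1
        elif mode == "Server" and dst == local_ip:
            stats[(int(dport), src)]["answered"] += 1
    return dict(stats)


def unanswered(stats, min_sent=3):
    """(source port, server) pairs with at least min_sent requests and no reply."""
    return sorted(k for k, v in stats.items()
                  if v["sent"] >= min_sent and v["answered"] == 0)


def rejected_by_old_ntpd(port_after_nat):
    """Server-side check as described in the thread: source ports below 123 are bogus."""
    return port_after_nat < 123


if __name__ == "__main__":
    for key in unanswered(tally(SAMPLE, "192.0.2.10")):
        print("no replies for requests sent from port %d to %s" % key)
```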