Per Hedeland wrote:
In article <[EMAIL PROTECTED]> "Richard B. Gilbert" <[EMAIL PROTECTED]> writes:
Danny Mayer wrote:
David Woolley wrote:
For several years now, it has been almost essential that it does respond
to client requests from other ports, because of network address translation.
I hope NAT does not REQUIRE different port numbers.
NAT maps public address + port to (RFC 1918) private address + port. So
a system with an RFC 1918 address 192.168.1.20 will send an NTP packet
from port 123 and the NAT router will map it to 68.44.203.111 port
xxxxx. When you reply to 68.44.203.111 port xxxxx the router knows to
map it to 192.168.1.20 port 123.
So yes, in a sense, NAT does require "different" port numbers.
Well, it doesn't require *different* port numbers (not sure what you
mean with the quotes), i.e. it's perfectly possible (and generally
desirable IMHO) for xxxxx to be 123 - as long as there is only one
internal address sending from 123. YMMV depending on the capabilities of
your NAT device of course, but it's certainly technically possible, and
trivial to do with something like ipfilter on a *nix box.
--Per Hedeland
[EMAIL PROTECTED]
If there is only one system using NTP through the router/firewall, you
are correct; port 123 can and probably will be used. If you have more
than one then the others will be mapped to some other port. This only
applies to NAT; if you have routable addresses and a real router, there
is no need to change or map the original port numbers.
_______________________________________________
questions mailing list
[email protected]
https://lists.ntp.isc.org/mailman/listinfo/questions
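
The port mapping discussed in this thread, as an added Python sketch that is not part of any poster's message: a toy UDP NAT table that preserves source port 123 for the first internal host and remaps later ones. The `Napt` class, the 40000-40099 pool and the second host 192.168.1.21 are assumptions made for illustration; the other addresses are the ones used in the thread.

```python
from dataclasses import dataclass, field


@dataclass
class Napt:
    """Toy UDP port-translating NAT with source-port preservation."""
    public_ip: str
    pool: range = range(40000, 40100)          # assumed range for remapped ports
    out: dict = field(default_factory=dict)    # (priv_ip, priv_port) -> public port
    back: dict = field(default_factory=dict)   # public port -> (priv_ip, priv_port)

    def translate_out(self, priv_ip, priv_port):
        """Return the (public_ip, public_port) an outbound packet leaves with."""
        key = (priv_ip, priv_port)
        if key not in self.out:
            # Prefer the original source port; fall back to the pool if taken.
            for port in (priv_port, *self.pool):
                if port not in self.back:
                    self.out[key] = port
                    self.back[port] = key
                    break
            else:
                raise RuntimeError("NAT port pool exhausted")
        return self.public_ip, self.out[key]

    def translate_in(self, public_port):
        """Return the internal (ip, port) for a reply, or None if no state exists."""
        return self.back.get(public_port)


def demo():
    nat = Napt("68.44.203.111")
    first = nat.translate_out("192.168.1.20", 123)   # keeps port 123
    second = nat.translate_out("192.168.1.21", 123)  # constructed host, remapped
    # A server answering to the request's source port reaches the second host.
    to_source_port = nat.translate_in(second[1])
    # A server that always answered to port 123 would hit the first host's mapping.
    to_fixed_123 = nat.translate_in(123)
    return first, second, to_source_port, to_fixed_123


if __name__ == "__main__":
    for item in demo():
        print(item)
```
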