In article <[EMAIL PROTECTED]> "Richard
B. Gilbert" <[EMAIL PROTECTED]> writes:
>Per Hedeland wrote:
>> In article <[EMAIL PROTECTED]> "Richard B. Gilbert"
>> <[EMAIL PROTECTED]> writes:
>>
>>>Per Hedeland wrote:
>>>
>>>>In article <[EMAIL PROTECTED]> "Richard
>>>>B. Gilbert" <[EMAIL PROTECTED]> writes:
>>>>
>>>>
>>>>>Danny Mayer wrote:
>>>>>
>>>>>
>>>>>>David Woolley wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>>For several years now, it has been almost essential that it does respond
>>>>>>>to client requests from other ports, because of network address
>>>>>>>translation.
>>>>>>
>>>>>>I hope NAT does not REQUIRE different port numbers.
>>>>>
>>>>>NAT maps public address + port to (RFC 1918) private address + port. So
>>>>>a system with an RFC 1918 address 192.168.1.20 will send an NTP packet
>>>>>from port 123 and the NAT router will map it to 68.44.203.111 port
>>>>>xxxxx. When you reply to 68.44.203.111 port xxxxx the router knows to
>>>>>map it to 192.168.1.20 port 123.
>>>>>
>>>>>So yes, in a sense, NAT does require "different" port numbers.
>>>>
>>>>
>>>>Well, it doesn't require *different* port numbers (not sure what you
>>>>mean with the quotes), i.e. it's perfectly possible (and generally
>>>>desirable IMHO) for xxxxx to be 123 - as long as there is only one
>>>>internal address sending from 123. YMMV depending on the capabilities of
>>>>your NAT device of course, but it's certainly technically possible, and
>>>>trivial to do with something like ipfilter on a *nix box.
>>>
>>>If there is only one system using NTP through the router/firewall, you
>>>are correct; port 123 can and probably will be used.
>>
>>
>> Yes, that's what I think I said:-) ("as long as...").
>I think I stated it badly. Try this. If there is more than one system
>using NTP through a NAT router only one of them can use port 123
>externally; the router must map the second user to some port other than 123.

I still think that's what I said (though maybe *I* worded it badly), but
please let's end this thread now...
--Per Hedeland
[EMAIL PROTECTED]
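
The mapping behaviour discussed in this thread, as an added example that is not part of the original message: a minimal port-preserving NAPT table in Python. The class `Napt`, its methods and the second internal host 192.168.1.21 are constructed for illustration; the other addresses are the ones used in the thread.

```python
# Added illustration; Napt, outbound, inbound and demo are hypothetical names.
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, UDP port)


class Napt:
    """Minimal port-preserving NAPT table for one public address (UDP only)."""

    def __init__(self, public_ip: str, first_dynamic: int = 49152):
        self.public_ip = public_ip
        self.next_dynamic = first_dynamic
        self.out: Dict[Endpoint, int] = {}   # private endpoint -> public port
        self.back: Dict[int, Endpoint] = {}  # public port -> private endpoint

    def outbound(self, src: Endpoint) -> Endpoint:
        """Translate the source of an outgoing packet, creating a mapping if needed."""
        if src not in self.out:
            port = src[1]
            # Keep the original port when it is free; otherwise take the
            # next unused port from the dynamic range.
            while port in self.back:
                port = self.next_dynamic
                self.next_dynamic += 1
            self.out[src] = port
            self.back[port] = src
        return (self.public_ip, self.out[src])

    def inbound(self, dst_port: int) -> Optional[Endpoint]:
        """Translate the destination of a reply; None means no mapping exists."""
        return self.back.get(dst_port)


def demo():
    nat = Napt("68.44.203.111")
    first = nat.outbound(("192.168.1.20", 123))   # only sender so far: keeps 123
    second = nat.outbound(("192.168.1.21", 123))  # 123 already taken: remapped
    return first, second, nat.inbound(first[1]), nat.inbound(second[1])


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The second client's request reaches the NTP server from a source port other than 123, which is why the server has to answer requests from other ports.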