[pkg-ntp-maintainers] some unclear points concerning ntp

Wolfgang Jeltsch 7o2lccqg at acme.softbase.org
Sat May 17 19:18:55 UTC 2008


[Please don’t just answer to the list since I’m not subscribed to it.]

Hello,

the ntp package of Debian etch confuses me somehow.  The section “Startup” 
in /usr/share/doc/ntp/README.Debian.gz seems to say that ntpd is not started 
by default.  However, I installed ntp and ntpd is running without any further 
action.  There exists a file /var/run/ntpd.pid and an ntpd process with the 
respective PID is present.  On the other hand, /etc/init.d/ntp status 
says: “* NTP server is not running.”  What’s going on here?

I have another question, referring to firewall configuration.  
Section “Firewall” of the README file says:

> If your system is behind a firewall, the port you need to open up to
> allow the NTP protocol to work (for either ntpdate or ntpd) is UDP
> port 123.  Server-to-server NTP packets usually use this for both
> source and destination: for extra security, a stateful firewall should
> block "new" packets with source, but not destination, port 123 from
> entering your network.

So does this mean that I should block incoming packets which have a source 
port of 123 and a destination port different from 123?  Or does this mean 
that I should block packets which have a source port of 123 but that I should 
not block packets which have a destination port of 123?  What about packets 
which have 123 as their destination port but a different source port?  Are 
these harmless?  And why shouldn’t I block all incoming “new” packets if I’m 
just asking external NTP servers for the time and not offering time to 
external clients?  I’d be happy if you could clarify this.

Best wishes,
Wolfgang
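To make the quoted README rule concrete, here is an added example (not from the list post, the Debian package or the NTP project) that models how a connection-tracking firewall classifies the UDP packets the post asks about. It assumes the usual stateful semantics: an inbound UDP packet whose addresses and ports reverse a previously seen outbound packet is treated as part of an existing flow, and every other inbound packet is "new". Hosts, ports and the `serve_clients` switch are constructed for the illustration.

```python
from dataclasses import dataclass, field

NTP_PORT = 123


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class StatefulNtpFilter:
    """Toy model of a stateful (connection-tracking) firewall for NTP over UDP.

    serve_clients=False models a host that only queries external servers;
    serve_clients=True models a host that also answers queries on port 123.
    """
    serve_clients: bool = False
    _flows: set = field(default_factory=set)  # outbound 4-tuples seen so far

    def outbound(self, pkt: Packet) -> str:
        # Remember the outbound flow so that the reply is recognised as
        # part of an existing flow (what iptables calls ESTABLISHED).
        self._flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return "ACCEPT"

    def inbound(self, pkt: Packet) -> str:
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reverse in self._flows:
            # A reply to our own query: allowed regardless of port numbers.
            return "ACCEPT (established reply)"
        # From here on the packet is "new": nothing we sent preceded it.
        if pkt.src_port == NTP_PORT and pkt.dst_port != NTP_PORT:
            # The README's extra rule: unsolicited traffic that looks like a
            # server reply but is not aimed at a server port.
            return "DROP (new packet with source port 123, destination port not 123)"
        if pkt.dst_port == NTP_PORT:
            # A query (or server-to-server packet) aimed at our port 123.
            if self.serve_clients:
                return "ACCEPT (new query to our server)"
            return "DROP (not offering time to others)"
        return "DROP (new packet, no matching rule)"


def run_demo(serve_clients: bool = False) -> list:
    """Run constructed packets through the filter; returns (packet, decision) pairs."""
    fw = StatefulNtpFilter(serve_clients=serve_clients)
    me, server, stranger = "10.0.0.5", "192.0.2.10", "198.51.100.7"
    decisions = []
    # 1. Our ntpd queries an external server from a high port.
    q = Packet(me, 40000, server, NTP_PORT)
    decisions.append((q, fw.outbound(q)))
    # 2. The matching reply: source port 123, destination our high port.
    for pkt in (
        Packet(server, NTP_PORT, me, 40000),      # genuine reply
        Packet(server, NTP_PORT, me, 40001),      # unsolicited, sport 123
        Packet(stranger, 51000, me, NTP_PORT),    # someone querying us
        Packet(stranger, NTP_PORT, me, NTP_PORT), # server-to-server style
    ):
        decisions.append((pkt, fw.inbound(pkt)))
    return decisions


if __name__ == "__main__":
    for role in (False, True):
        print(f"--- serve_clients={role} ---")
        for pkt, verdict in run_demo(serve_clients=role):
            print(f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}  {verdict}")
```

The model shows why a host that only asks external servers for the time can drop every new inbound packet: the replies it needs are matched as part of the flow it opened, so neither the source-port-123 rule nor an open port 123 is required for the client side. The source-port rule only adds value on a firewall that must also let new packets reach a server on port 123.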
