On Saturday, June 28, 2025 9:02:56 PM Pacific Daylight Time Hal Murray wrote: > > None of them should need port 123 if packets are > > selectively port forwarded. > > Why do we want/need port forwarding?
The Idea there is that you could have several ntp servers for different tasks. - an rsntp analogue to handle unsigned traffic. - a server for Network Time security - an MS-SNTP server that can't block the above - maybe others like symmetric, 3des or autokey > The idea is to move everything else to a different port so the only > traffic on port 123 is requests for the server. > > If the client side opens a socket for each server, that gets a default > random local port. The replies will come back to that port/socket rather > than port 123. > > I don't have a good plan for mode6/ntpq traffic. If we put the data into > shared memory, we can write a version of ntpq that looks there. Maybe > it's time for SNMP. (as much as I hate that sort of stuff) I would say just run it locally and allow access via ssh and 9p. We have an SNMP widget, it's probably time to dust it a backhand some fixes. _______________________________________________ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
