On Tue, 1 Dec 2015, Mark Felder wrote:
On Tue, Dec 1, 2015, at 09:53, el...@sentor.se wrote:
On Tue, 1 Dec 2015, Matthew Seaman wrote:
On 2015/12/01 15:05, Mark Felder wrote:
Notice how almost all of them are port 123 on both sides, but a few of
them are not. Why? The RFC says that NTP is supposed to be using port
123 as both the source and destination port, but I clearly have
something happening on port 16205. Is something screwy with ntpd in
CURRENT?
NTP not using port 123 as the source port usually indicates that it is
behind a NAT gateway at the other end. It's harmless and fairly common.
...or simply that it is a ntp *client* like ntpdate, and not a daemon.
Clients often use a random source port, while ntpd use source port 123.
I wouldn't expect something in pool.ntp.org to be behind NAT and this
wasn't an ntp client like ntpdate, but those are both interesting
scenarios. Perhaps I'm just naive and they have a good reason for using
NAT in front of that NTP server.
Not that this helps this thread to move on, but just to clarify:
In this case, the NAT that would introduce the randomized src port would
be *your* NAT, not a NAT at pool.ntp.org.
Deny UDP [2604:a880:800:10::bc:c004]:123 [2001:470:1f11:1e8::2]:58285 in via
gif0
The blocked response came from port 123 just as expected.
If the client truly sent out a query from src port 123, then it must have
been your NAT that picked a free random port to use for its outgoing
connection, i.e. port 58285.
The server then respond back to your NAT-IP 2001:470:1f11:1e8::2 at port
58285.
Your NAT should receive the packet, match it against its NAT table, find
that it has indeed an ongoing UDP connection for that particular flow, so
it rewrites the dst IP and dst port to your original internal IP address
and original port (123) and send it back to the client.
/Elof
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
