Re: systemd-timesyncd - use unprivileged ports

Well, are you asking about the *source* port or about the *destination* port? There are two on every UDP packet.

The source port is *not* from the privileged range -- systemd-timesyncd always just lets the OS choose a random port from the ephemeral range. (I have seen some other NTP clients such as Windows insist on using 123 as both source and destination, but that's not the case with systemd-timesyncd nor with most other SNTP clients.)

The destination port has to be from the privileged range (specifically 123) because that's what NTP servers *listen on* -- the client cannot decide on a different port entirely on its own; you'd need to run your own NTP server configured to use a different port.

Although if you already have an NTP server listening on a different port, then unfortunately no, systemd-timesyncd does not currently have a config option for that. It seems port 123 is hardcoded in manager_connect(), most likely because that's what every public NTP server uses.

(Really, I can't think of any good purpose for such a block -- if anything, I'd expect to see the opposite, i.e. services on low ports allowed, the rest blocked. Does your network block DNS on port 53, too?)

On Wed, Mar 11, 2020 at 6:34 PM Jędrzej Dudkiewicz <jedrzej.dudkiewicz@xxxxxxxxx> wrote:
Hi,

I have quite a few devices running Linux in a client's network - so I
have no control over it. It seems that all privileged UDP ports are
blocked, so I have to use an unprivileged port. I'd like to use
systemd-timesyncd to synchronize time, though I can't find a way to
force it to use an unprivileged port. Is there any way to do it?

Thanks in advance,
--
Jędrzej Dudkiewicz

I really hate this damn machine, I wish that they would sell it.
It never does just what I want, but only what I tell it.
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel


--
Mantas Mikulėnas
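
The source/destination distinction from the reply above, as an added example that is not part of the original message and is not systemd code: a minimal SNTP client that lets the kernel pick its source port and takes the destination port as a parameter. Assumptions: the function names are hypothetical, and the server is a constructed loopback responder on an OS-chosen unprivileged port so the exchange runs without root or network access.

```python
import socket, struct, threading, time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01

def serve_once(sock):
    """Constructed stand-in for an NTP server: answer a single query."""
    data, addr = sock.recvfrom(48)
    now = time.time() + NTP_EPOCH_OFFSET
    secs, frac = int(now), int((now % 1) * 2**32)
    origin = struct.unpack("!2I", data[40:48])  # echo client's transmit time
    # 0x24 = LI 0, version 4, mode 4 (server); stratum 1
    reply = struct.pack("!BBbb11I", 0x24, 1, 0, -20, 0, 0, 0,
                        secs, frac, *origin, secs, frac, secs, frac)
    sock.sendto(reply, addr)

def sntp_query(server, dest_port, timeout=2.0):
    """Send one SNTP query and report which ports the exchange used."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("", 0))  # port 0: the kernel picks an ephemeral source port
        # 0x23 = LI 0, version 4, mode 3 (client); everything else zero
        s.sendto(struct.pack("!B47x", 0x23), (server, dest_port))
        source_port = s.getsockname()[1]
        reply, peer = s.recvfrom(48)
    if len(reply) < 48 or reply[0] & 0x07 != 4:
        raise ValueError("not an NTP server reply")
    tx_secs = struct.unpack("!I", reply[40:44])[0]
    return {"source_port": source_port, "dest_port": peer[1],
            "unix_time": tx_secs - NTP_EPOCH_OFFSET}

def demo():
    """Run the query against a loopback responder on an unprivileged port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))  # stand-in for 123, which needs privilege to bind
    listen_port = srv.getsockname()[1]
    t = threading.Thread(target=serve_once, args=(srv,), daemon=True)
    t.start()
    try:
        return listen_port, sntp_query("127.0.0.1", listen_port)
    finally:
        t.join(2.0)
        srv.close()

if __name__ == "__main__":
    print(demo())
```

The reply arrives from whatever port the server listens on, so the client only works against a non-123 port when a server is actually bound there.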