>>> Mantas Mikulenas <grawity@xxxxxxxxx> schrieb am 11.03.2020 um 17:52 in Nachricht <12133_1583945545_5E691749_12133_1276_1_CAPWNY8XJRN7-U15LmgpgXbqBeFPWJokEDM==EXd 5hc-adNh8Q@xxxxxxxxxxxxxx>: > Well, are you asking about the *source* port or about the *destination* > port? There are two on every UDP packet. > > The source port is *not* from the privileged range -- systemd-timesyncd > always just lets the OS choose a random port from the ephemeral range. (I > have seen some other NTP clients such as Windows insist on using 123 as > both source and destination, but that's not the case with systemd-timesyncd > nor with most other SNTP clients.) > > The destination port has to be from the privileged range (specifically 123) > because that's what NTP servers *listen on* -- the client cannot decide on > a different port entirely on its own; you'd need to run your own NTP server > configured to use a different port. > > Although if you already have an NTP server listening on a different port, > then unfortunately no, systemd-timesyncd does not currently have a config > option for that. It seems port 123 is hardcoded in manager_connect(), most > likely because that's what every public NTP server uses. There's some NTP paranoia spread: Here I also cannot use any external NTP server since serveral years. The central firewall blocks it all. > > (Really I can't really think of any good purpose for such a block -- if > anything, I'd expect to see the opposite, i.e. services on low ports > allowed, the rest blocked. Does your network block DNS on port 53, too?) > > On Wed, Mar 11, 2020 at 6:34 PM Jędrzej Dudkiewicz < > jedrzej.dudkiewicz@xxxxxxxxx> wrote: > >> Hi, >> >> I have quite a few devices running Linux in client's network - so I >> have no control over it. It seems that all privileged UDP ports are >> blocked I have to use unprivileged port. I'd like to use >> systemd-timesyncd to synchronize time, thought I can't find a way to >> force it to use unprivileged port. Is there any way to do it? >> >> Thanks in advance, >> -- >> Jędrzej Dudkiewicz >> >> I really hate this damn machine, I wish that they would sell it. >> It never does just what I want, but only what I tell it. >> _______________________________________________ >> systemd-devel mailing list >> systemd-devel@xxxxxxxxxxxxxxxxxxxxx >> https://lists.freedesktop.org/mailman/listinfo/systemd-devel >> > > > -- > Mantas Mikulėnas _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Antw: [EXT] Re: systemd-timesyncd - use unprivileged ports
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Antw: [EXT] Re: systemd-timesyncd - use unprivileged ports
- From: "Ulrich Windl" <Ulrich.Windl@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 12 Mar 2020 08:03:13 +0100
- Cc: "systemd-devel@xxxxxxxxxxxxxxxxxxxxx" <systemd-devel@xxxxxxxxxxxxxxxxxxxxx>
- In-reply-to: <12133_1583945545_5E691749_12133_1276_1_CAPWNY8XJRN7-U15LmgpgXbqBeFPWJokEDM==EXdE5hc-adNh8Q@mail.gmail.com>
- References: <CABJqhQOdNCKDkmB1iaOqbc=12ECD1yy4LRPkz-Wg7HLMGBmNbg@mail.gmail.com> <12133_1583945545_5E691749_12133_1276_1_CAPWNY8XJRN7-U15LmgpgXbqBeFPWJokEDM==EXdE5hc-adNh8Q@mail.gmail.com>
- References:
- systemd-timesyncd - use unprivileged ports
- From: Jędrzej Dudkiewicz
- systemd-timesyncd - use unprivileged ports
- Prev by Date: [RFC] pstore: options to enable kernel writing into the pstore
- Next by Date: Re: systemd-timesyncd - use unprivileged ports
- Previous by thread: Re: systemd-timesyncd - use unprivileged ports
- Next by thread: Re: systemd-timesyncd - use unprivileged ports
- Index(es):
 |