[systemd-devel] systemd-timesyncd - use unprivileged ports

Mantas Mikulėnas grawity at gmail.com
Wed Mar 11 16:52:08 UTC 2020


Well, are you asking about the *source* port or about the *destination*
port? There are two on every UDP packet.

The source port is *not* from the privileged range -- systemd-timesyncd
always just lets the OS choose a random port from the ephemeral range. (I
have seen some other NTP clients such as Windows insist on using 123 as
both source and destination, but that's not the case with systemd-timesyncd
nor with most other SNTP clients.)

The destination port has to be from the privileged range (specifically 123)
because that's what NTP servers *listen on* -- the client cannot decide on
a different port entirely on its own; you'd need to run your own NTP server
configured to use a different port.

Although if you already have an NTP server listening on a different port,
then unfortunately no, systemd-timesyncd does not currently have a config
option for that. It seems port 123 is hardcoded in manager_connect(), most
likely because that's what every public NTP server uses.

(Really, I can't think of any good purpose for such a block -- if
anything, I'd expect to see the opposite, i.e. services on low ports
allowed, the rest blocked. Does your network block DNS on port 53, too?)

On Wed, Mar 11, 2020 at 6:34 PM Jędrzej Dudkiewicz <
jedrzej.dudkiewicz at gmail.com> wrote:

> Hi,
>
> I have quite a few devices running Linux in a client's network - so I
> have no control over it. It seems that all privileged UDP ports are
> blocked, so I have to use an unprivileged port. I'd like to use
> systemd-timesyncd to synchronize time, though I can't find a way to
> force it to use an unprivileged port. Is there any way to do it?
>
> Thanks in advance,
> --
> Jędrzej Dudkiewicz
>
> I really hate this damn machine, I wish that they would sell it.
> It never does just what I want, but only what I tell it.


-- 
Mantas Mikulėnas
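
The source/destination port split described in the reply above, as an added example (not part of the original message and not systemd code). It is a minimal SNTP exchange over loopback: the responder is a constructed stand-in for an NTP server bound to an unprivileged port, and all function names are hypothetical.

```python
import socket, struct, threading, time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01

def build_request():
    """48-byte SNTP client request: LI=0, VN=4, Mode=3 (client)."""
    return bytes([0x23]) + bytes(47)

def serve_once(sock, seen):
    """Constructed stand-in for an NTP server: answer one request."""
    data, addr = sock.recvfrom(512)
    seen["src_port"], seen["mode"] = addr[1], data[0] & 0x07
    now = time.time() + NTP_EPOCH_OFFSET
    reply = bytearray(48)
    reply[0], reply[1] = 0x24, 1          # LI=0, VN=4, Mode=4 (server); stratum 1
    struct.pack_into("!II", reply, 40, int(now), int((now % 1) * 2**32))
    sock.sendto(bytes(reply), addr)       # reply goes back to the client's source port

def sntp_query(host, dst_port, timeout=2.0):
    """Return (source port, port the reply came from, server time as Unix seconds)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # No bind(): the kernel assigns an ephemeral source port on first send.
        s.sendto(build_request(), (host, dst_port))
        src_port = s.getsockname()[1]
        data, addr = s.recvfrom(512)
    if len(data) < 48 or data[0] & 0x07 != 4:
        raise ValueError("not an NTP server-mode reply")
    secs, frac = struct.unpack_from("!II", data, 40)   # transmit timestamp
    return src_port, addr[1], secs - NTP_EPOCH_OFFSET + frac / 2**32

def demo():
    """Run client and stand-in server over loopback; no external traffic."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.settimeout(2.0)
    srv.bind(("127.0.0.1", 0))            # unprivileged port; a real server uses 123
    dst_port, seen = srv.getsockname()[1], {}
    t = threading.Thread(target=serve_once, args=(srv, seen))
    t.start()
    src_port, reply_port, server_time = sntp_query("127.0.0.1", dst_port)
    t.join()
    srv.close()
    return {"dst_port": dst_port, "client_src_port": src_port,
            "src_port_seen_by_server": seen["src_port"], "request_mode": seen["mode"],
            "reply_from_port": reply_port, "skew_s": server_time - time.time()}

if __name__ == "__main__":
    print(demo())
```

For firewall review, the takeaway is that an outbound rule for an SNTP client of this kind has to match on destination port 123 with an arbitrary high source port, and the return traffic arrives from port 123 to that same high port.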