[systemd-devel] Antw: [EXT] Re: systemd-timesyncd - use unprivileged ports

Ulrich Windl Ulrich.Windl at rz.uni-regensburg.de
Thu Mar 12 07:03:13 UTC 2020


>>> Mantas Mikulenas <grawity at gmail.com> wrote on 11.03.2020 at 17:52 in
message
<12133_1583945545_5E691749_12133_1276_1_CAPWNY8XJRN7-U15LmgpgXbqBeFPWJokEDM==EXd5hc-adNh8Q at mail.gmail.com>:
> Well, are you asking about the *source* port or about the *destination*
> port? There are two on every UDP packet.
> 
> The source port is *not* from the privileged range -- systemd-timesyncd
> always just lets the OS choose a random port from the ephemeral range. (I
> have seen some other NTP clients such as Windows insist on using 123 as
> both source and destination, but that's not the case with systemd-timesyncd
> nor with most other SNTP clients.)
> 
> The destination port has to be from the privileged range (specifically 123)
> because that's what NTP servers *listen on* -- the client cannot decide on
> a different port entirely on its own; you'd need to run your own NTP server
> configured to use a different port.
> 
> Although if you already have an NTP server listening on a different port,
> then unfortunately no, systemd-timesyncd does not currently have a config
> option for that. It seems port 123 is hardcoded in manager_connect(), most
> likely because that's what every public NTP server uses.

There's some NTP paranoia spreading: here I also have not been able to use any
external NTP server for several years. The central firewall blocks it all.

> 
> (Really I can't really think of any good purpose for such a block -- if
> anything, I'd expect to see the opposite, i.e. services on low ports
> allowed, the rest blocked. Does your network block DNS on port 53, too?)
> 
> On Wed, Mar 11, 2020 at 6:34 PM Jędrzej Dudkiewicz <
> jedrzej.dudkiewicz at gmail.com> wrote:
> 
>> Hi,
>>
>> I have quite a few devices running Linux in a client's network - so I
>> have no control over it. It seems that all privileged UDP ports are
>> blocked; I have to use an unprivileged port. I'd like to use
>> systemd-timesyncd to synchronize time, though I can't find a way to
>> force it to use an unprivileged port. Is there any way to do it?
>>
>> Thanks in advance,
>> --
>> Jędrzej Dudkiewicz
>>
>> I really hate this damn machine, I wish that they would sell it.
>> It never does just what I want, but only what I tell it.
>>
> 
> 
> -- 
> Mantas Mikulėnas
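
The source/destination port distinction discussed in this thread, as an added example that is not part of the original messages and is not systemd-timesyncd code: a minimal SNTP exchange over loopback in which the client never binds a port, so the OS assigns the source port, while the destination port is whatever the server listens on. The loopback server, its unprivileged port and all function names are constructed for the illustration.

```python
import socket, struct, threading, time

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01

def serve_once(sock, seen):
    """Constructed stand-in for an NTP server: answer one SNTP request."""
    data, (addr, src_port) = sock.recvfrom(48)
    seen["client_source_port"] = src_port      # what a firewall would see as source
    now = struct.pack("!II", int(time.time()) + NTP_EPOCH_OFFSET, 0)
    # LI=0 VN=4 Mode=4 (server), stratum 1; origin timestamp echoes the request
    reply = struct.pack("!BBbb", 0x24, 1, 0, -20) + bytes(20) + data[40:48] + now + now
    sock.sendto(reply, (addr, src_port))

def sntp_query(server, dest_port, timeout=2.0):
    """Send one SNTP request; return (local source port, server unix time)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        request = struct.pack("!B", 0x23) + bytes(47)   # LI=0 VN=4 Mode=3 (client)
        # No bind(): the OS picks an ephemeral source port on the first send.
        s.sendto(request, (server, dest_port))
        source_port = s.getsockname()[1]
        reply, _ = s.recvfrom(48)
    if len(reply) < 48 or reply[0] & 0x07 != 4:
        raise ValueError("not an SNTP server reply")
    secs = struct.unpack("!I", reply[40:44])[0]         # transmit timestamp, seconds
    return source_port, secs - NTP_EPOCH_OFFSET

def demo():
    """Run the exchange over loopback against the constructed server."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))      # unprivileged destination port, no root needed
    srv.settimeout(2.0)
    dest_port = srv.getsockname()[1]
    seen = {}
    t = threading.Thread(target=serve_once, args=(srv, seen))
    t.start()
    source_port, unix_time = sntp_query("127.0.0.1", dest_port)
    t.join()
    srv.close()
    return {"dest_port": dest_port, "source_port": source_port,
            "seen_by_server": seen["client_source_port"], "unix_time": unix_time}

if __name__ == "__main__":
    print(demo())
```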




