NTP configuration
03-15-2007 07:44 PM
Hi,
Just want to confirm on the following for ntp setup:
1) can we confirm that when we config for ntp to do our time syncing (I am configuring an ntp client here), the ntp client server is initiating through a fixed ntp port (123)? Or will it initiate via a random high port, say > 1023?
From my tcpdump ... It shows my ntp client is always trying to initiate an ntp connection via port 123 with the ntp server at port 123. Is this the correct behaviour for redhat linux?
2) is it possible to do the ntp client connection via other ports? Is it advisable to do so?
3) I have a production server already in production mode (but with no ntpd configured)... And it is 10 min slower than the ntp server.
I wish to have it configure with ntp to sync the time... With the great time difference, how can I do this?
Or is there a way to slowly increase the time such that it is very close to the time in ntp server without affecting time-dependent applications in this server? And once it is close enough, I can just configure the ntp.
O/S Version : Red Hat Enterprise Linux ES release 4
thanks in advance
Subra
The sole advantage of power is that you can do more good
03-15-2007 08:45 PM
Solution
1.) Ntpd can simultaneously be a client of some NTP servers, a peer to some other NTP servers and a server to a group of NTP clients. To make this possible, ntpd always uses port 123. This is the behaviour defined by RFC 1305 (standard definition of NTP).
2.) Apparently there is no way to change the port number without editing the source code of the NTP software.
The NTP software needs root access for its primary purpose: adjusting the system clock. Just changing the port number would not allow you to run the NTP client as a non-root user.
If you control the NTP server you're intending to use for synchronization, you technically could deploy a custom ntpd to the server and run your entire NTP structure in a non-standard port... but why? What's the point in that?
Furthermore, some managed switches, routers and other network components may have an NTP client built into their firmware, and they don't generally have a facility to change the port number. You'd lose the possibility to use NTP with these devices if you used a non-standard port.
3) Being slow is not as much a problem as being fast, but it's advisable to make any adjustments to active production systems slowly.
To correct the initial 10 min error, you could use the "ntpdate" command with "-B" option: in this case, it will contact the NTP server, calculate the time difference, instruct the OS kernel to make the system clock faster until the clock has gained the necessary number of seconds, then resume normal speed.
After this, the time should be well within ntpd's +/- 30 seconds limit, so ntpd can be started.
MK
03-15-2007 08:50 PM
Re: NTP configuration
Shalom,
NTP is reliable but relatively primitive, can't work on any port other than 123. You can program a firewall to play with the traffic.
ntp will and should be used to sync that server to real time before it goes prod.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
03-27-2007 12:40 AM
Re: NTP configuration
1- already answered
2 - In my opinion, you shouldn't mess with the ntp client source code to change the port it uses, but you can use iptables to redirect your server's ntp requests with a source port of 123 to a high port, then redirect the reply you receive from the ntp server in that high port back to port 125. The question is, why would you want to do that? If you're concerned about security, create a rule in your firewall that allows traffic on port 125 only from/to your trusted ntp server.
3 - As far as I know, the only way to do that would be manually, then when it's close enough (so it won't affect your application) to the time in the ntp server, use "ntpdate" to sync.
Bruno Facca
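
An added example, not part of any post in this thread: a small audit of `tcpdump -nn` output against the behaviour and policy discussed above (ntpd using port 123 on both ends, and NTP allowed only to and from the trusted server). The addresses, the sample capture lines and the `audit` function are constructed for illustration.

```python
import re

# Constructed `tcpdump -nn udp port 123` lines using documentation addresses;
# this is not a real capture.
SAMPLE = """\
12:00:01.000001 IP 10.0.0.5.123 > 192.0.2.10.123: NTPv4, Client, length 48
12:00:01.020113 IP 192.0.2.10.123 > 10.0.0.5.123: NTPv4, Server, length 48
12:00:05.000042 IP 10.0.0.5.123 > 198.51.100.7.123: NTPv4, Client, length 48
12:00:09.000310 IP 10.0.0.5.40112 > 192.0.2.10.123: NTPv4, Client, length 48
12:00:10.500000 IP 203.0.113.9.123 > 10.0.0.5.123: NTPv4, Server, length 48
""".splitlines()

# tcpdump prints IPv4 endpoints as a.b.c.d.port
LINE_RE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): NTPv\d"
)

NTP_PORT = 123


def audit(lines, local_ip, trusted_servers):
    """Return (line_number, reason) for each NTP packet outside the policy."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.search(line)
        if not m:
            continue  # not an IPv4 NTP line; ignored by this example
        src, dst = m["src"], m["dst"]
        sport, dport = int(m["sport"]), int(m["dport"])
        remote = dst if src == local_ip else src
        if remote not in trusted_servers:
            findings.append((n, f"untrusted NTP peer {remote}"))
        elif (sport, dport) != (NTP_PORT, NTP_PORT):
            # ntpd uses 123 on both ends; a packet from a high source port
            # came from some other client and a strict 123<->123 firewall
            # rule would drop it.
            findings.append((n, f"non-ntpd port pair {sport}->{dport}"))
    return findings


if __name__ == "__main__":
    for n, reason in audit(SAMPLE, "10.0.0.5", {"192.0.2.10"}):
        print(f"line {n}: {reason}")
```
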