Filtering NTP Port 123?

Ask questions about dedicated servers here and we and other users will do our best to answer them. Please also refer to the self-help section for tutorials and answers to the most commonly asked questions.
Post Reply
moon
New to forums
New to forums
Posts: 4
https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
Joined: Tue Apr 03, 2012 7:19 pm

Filtering NTP Port 123?

Post by moon »

Hello,

I asked this question of support who told me to go here. Is anyone having trouble running ntpdate or ntpd on their VDS?
My VDS seems to not allow outgoing 123 UDP requests, and thus ntpdate and ntpd are failing to set and keep time properly. I have completely flushed iptables and disabled all firewalls, including the one on the control panel and I still cannot get to outgoing UDP 123 ports for time.

For example:

ntpdate -u -d -v 208.88.126.226
20 Jan 22:41:20 ntpdate[20670]: ntpdate 4.2.4p8@1.1612-o Wed Aug 25 13:54:52 UTC 2010 (1)
Looking for host 208.88.126.226 and service ntp
host found : caprica.willglynn.com
transmit(208.88.126.226)
transmit(208.88.126.226)
transmit(208.88.126.226)
transmit(208.88.126.226)
transmit(208.88.126.226)
208.88.126.226: Server dropped: no data
server 208.88.126.226, port 123
stratum 0, precision 0, leap 00, trust 000
refid [208.88.126.226], delay 0.00000, dispersion 64.00000
transmitted 4, in filter 4
reference time: 00000000.00000000 Thu, Feb 7 2036 1:28:16.000
originate timestamp: 00000000.00000000 Thu, Feb 7 2036 1:28:16.000
transmit timestamp: d6886ae3.bc4a19ff Mon, Jan 20 2014 22:41:23.735
filter delay: 0.00000 0.00000 0.00000 0.00000
0.00000 0.00000 0.00000 0.00000
filter offset: 0.000000 0.000000 0.000000 0.000000
0.000000 0.000000 0.000000 0.000000
delay 0.00000, dispersion 64.00000
offset 0.000000

Exact same command on another server is successful:
ntpdate -u -d -v 208.88.126.226
20 Jan 22:37:40 ntpdate[10686]: ntpdate 4.2.4p8@1.1612-o Tue Nov 29 00:09:13 UTC 2011 (1)
Looking for host 208.88.126.226 and service ntp
host found : caprica.willglynn.com
transmit(208.88.126.226)
receive(208.88.126.226)
transmit(208.88.126.226)
receive(208.88.126.226)
transmit(208.88.126.226)
receive(208.88.126.226)
transmit(208.88.126.226)
receive(208.88.126.226)
transmit(208.88.126.226)
server 208.88.126.226, port 123
stratum 2, precision -21, leap 00, trust 000
refid [208.88.126.226], delay 0.12012, dispersion 0.00000
transmitted 4, in filter 4
reference time: d6886864.57dd0f5d Mon, Jan 20 2014 22:30:44.343
originate timestamp: d6886a05.86c97f7b Mon, Jan 20 2014 22:37:41.526
transmit timestamp: d6886a05.7be7bafe Mon, Jan 20 2014 22:37:41.484
filter delay: 0.12587 0.12012 0.12085 0.12056
0.00000 0.00000 0.00000 0.00000
filter offset: -0.00505 -0.00498 -0.00493 -0.00500
0.000000 0.000000 0.000000 0.000000
delay 0.12012, dispersion 0.00000
offset -0.004980

20 Jan 22:37:41 ntpdate[10686]: adjust time server 208.88.126.226 offset -0.004980 sec

nmap trace from server:
nmap -sU -v -p 123 208.88.126.226

Starting Nmap 5.21 ( http://nmap.org ) at 2014-01-20 22:48 EST
Initiating Ping Scan at 22:48
Scanning 208.88.126.226 [4 ports]
Completed Ping Scan at 22:48, 0.03s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 22:48
Completed Parallel DNS resolution of 1 host. at 22:48, 0.00s elapsed
Initiating UDP Scan at 22:48
Scanning caprica.willglynn.com (208.88.126.226) [1 port]
Completed UDP Scan at 22:48, 0.22s elapsed (1 total ports)
Nmap scan report for caprica.willglynn.com (208.88.126.226)
Host is up (0.017s latency).
PORT STATE SERVICE
123/udp open|filtered ntp

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds
Raw packets sent: 6 (304B) | Rcvd: 1 (40B)


nmap trace from another server:
nmap -sU -v -p 123 208.88.126.226

Starting Nmap 5.51 ( http://nmap.org ) at 2014-01-20 22:46 EST
Initiating Ping Scan at 22:46
Scanning 208.88.126.226 [4 ports]
Completed Ping Scan at 22:46, 0.12s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 22:46
Completed Parallel DNS resolution of 1 host. at 22:46, 0.12s elapsed
Initiating UDP Scan at 22:46
Scanning caprica.willglynn.com (208.88.126.226) [1 port]
Discovered open port 123/udp on 208.88.126.226
Completed UDP Scan at 22:46, 0.11s elapsed (1 total ports)
Nmap scan report for caprica.willglynn.com (208.88.126.226)
Host is up (0.094s latency).
PORT STATE SERVICE
123/udp open ntp

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.41 seconds
Raw packets sent: 5 (228B) | Rcvd: 2 (104B)
User avatar
Edge100x
Founder
Founder
Posts: 12945
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

Re: Filtering NTP Port 123?

Post by Edge100x »

This is something that should have stayed in a support request and I will need to find whoever told you to post about it and slap them.

As an emergency measure, certain locations have temporary limitations on NTP traffic. Please talk to us further in the original request and we can discuss how to work around this.
Post Reply