[RndTbl] MTS blocking NTP

Trevor Cordes trevor at tecnopolis.ca
Fri Jan 25 03:36:36 CST 2019


I noticed that one of the customers I have that uses low-end business
MTS has had their NTP incoming/outgoing port (UDP 123) cut off (filtered)
at the ISP. Incoming I can understand, but outgoing?  All the computers in
the office have their time out of sync now.

Does anyone know what the internal Bell/MTS time server's IP/domain is?
Surely they didn't cut us off to their internal one.

Will have the customer contact them eventually, but you know how it goes
with tech support.  Looking for the quick solution...

Anyone else have their UDP 123 cut off since Bell came along?

Further: it looks like they are filtering outgoing only if your source
port is also 123.  That is hardcoded into ntp (from what I've read).  But
ntpdate allows the -u option to have the src port be >1024.  I tried that
and ntpdate -u does work, but ntpdate without the -u gets blocked.  So
they really are blocking in and out, but only src=123udp.

Looks like chrony (and others) lets you specify src port, but I'm loath
to uproot the system I know because Bell is braindead.  (MTS didn't use to
block it, and block-happy Shaw does not block it.)
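
A probe for the behaviour described in the message above (queries sent from source port 123 are dropped while queries from an unprivileged port get answers), as an added example that is not part of the original post. The server name is an assumption, and binding to port 123 needs root with the local ntpd stopped.

```python
import socket
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01

def build_request(version=4):
    """48-byte SNTP client request: LI=0, VN=version, Mode=3 (client)."""
    return bytes([(version << 3) | 3]) + bytes(47)

def parse_reply(data):
    """Return (mode, stratum, unix_transmit_time) from an NTP reply."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    secs, frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return data[0] & 0x07, data[1], secs - NTP_EPOCH_OFFSET + frac / 2**32

def probe(server, src_port, timeout=3.0):
    """Send one query from src_port (0 = ephemeral, like ntpdate -u).
    Returns 'ok', 'timeout', 'bind-failed', 'unexpected-reply' or 'error'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.bind(("", src_port))  # port 123: root only, ntpd must be stopped
        except OSError:
            return "bind-failed"
        try:
            s.sendto(build_request(), (server, 123))
            mode = parse_reply(s.recvfrom(512)[0])[0]
            return "ok" if mode == 4 else "unexpected-reply"  # 4 = server
        except socket.timeout:
            return "timeout"
        except (OSError, ValueError):
            return "error"

def diagnose(results):
    """Map {'src123': status, 'ephemeral': status} to a verdict string."""
    pair = (results["src123"], results["ephemeral"])
    if pair == ("timeout", "ok"):
        return "filtered when source port is 123"
    if pair == ("ok", "ok"):
        return "NTP not filtered"
    if pair == ("timeout", "timeout"):
        return "UDP 123 blocked or server unreachable"
    return "inconclusive"

if __name__ == "__main__":
    server = "pool.ntp.org"  # assumption: any reachable public NTP server
    r = {"src123": probe(server, 123), "ephemeral": probe(server, 0)}
    print(r, "->", diagnose(r))
```

A "bind-failed" result for the port 123 probe usually means ntpd still holds the port or the script is not running as root, so the verdict is "inconclusive" rather than evidence of filtering.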

