When querying NTP servers with the command ntpdate, I can use the -u argument to make the source port an unrestricted port (port 1024 and above).

With ntpd, which is meant to run in the background, I can't seem to find a way to turn this option on. So the source port is always 123. It's playing around horribly with my firewall configuration.

Is there a configuration option in ntp.conf to make it use a random source port?

+2  A: 

Doesn't sound like this is possible... see the NTP troubleshooting page:

If you're going to run ntpd, you need to fix your network/firewall/NAT so that ntpd can have full unrestricted access to UDP port 123 in both directions.

If this is not possible, you may need to run ntpd on the firewall itself, so that it can have full unrestricted access to UDP port 123 in both directions, and then have it serve time to your internal clients.

If that's not possible, your only other option may be to buy the necessary hardware to connect to one or more of your own computers and run your own Stratum 1 time server or buy a pre-packaged Stratum 1 time server.

Andy Whitfield
A: 

I've had this problem before and couldn't find a solution. I ended up just adding an entry to crontab that runs ntpdate once an hour. That gives good enough resolution for anything I do, since my clock never drifts more than 1 second per hour.

davr
A: 

I have another problem. My module binds to three UDP ports, 5311, 5312 and 5313, and keeps them in listen mode. When I run ntpd service restart, ntp tries to use all these ports to synchronize and yet fails to synchronize. Please suggest why it tries these ports.

Shailendra
A: 

I managed to solve this by replacing the official NTPD with OpenNTPD. While official NTPD is fixed to UDP port 123, OpenNTPD uses unprivileged ports.

Onestone
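
What the `ntpdate -u` behaviour from the question looks like on the wire, as an added example that is not part of the original thread: a client-mode NTP query sent from an ephemeral source port, so a stateful firewall only has to allow outbound UDP to port 123 and the matching replies. The function names and the loopback responder are constructed for illustration.

```python
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01

def build_client_packet(version=4):
    """48-byte NTP header: LI=0, VN=version, Mode=3 (client); rest zero."""
    return bytes([(version << 3) | 3]) + bytes(47)

def parse_reply(data):
    """Return (mode, stratum, transmit time as Unix seconds) from a reply."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    secs, frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return data[0] & 0x07, data[1], secs - NTP_EPOCH_OFFSET + frac / 2**32

def query(server, port=123, timeout=2.0):
    """One query from an ephemeral port: (source_port, mode, stratum, time)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("", 0))            # port 0: kernel picks an unprivileged port
        s.connect((server, port))  # kernel drops datagrams from other peers
        s.send(build_client_packet())
        mode, stratum, server_time = parse_reply(s.recv(512))
        return s.getsockname()[1], mode, stratum, server_time

def fake_server_once(sock, unix_time, stratum=2):
    """Constructed responder: answer one query, return the client's source port."""
    data, addr = sock.recvfrom(512)
    reply = bytearray(48)
    reply[0] = (4 << 3) | 4        # VN=4, Mode=4 (server)
    reply[1] = stratum
    struct.pack_into("!II", reply, 40, int(unix_time) + NTP_EPOCH_OFFSET, 0)
    sock.sendto(bytes(reply), addr)
    return addr[1]

if __name__ == "__main__":
    import threading
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))     # loopback responder, not a real NTP server
    threading.Thread(target=fake_server_once, args=(srv, time.time())).start()
    print(query("127.0.0.1", port=srv.getsockname()[1]))
```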