Facebook
Twitter- Server operating system version
- Ubuntu 22.04
- Plesk version and microupdate number
- 18.0.56
Hi,
I was configuring a new firewall (a MikroTik CHR) for a customer to sit in front of their new Plesk web server (deployed using the Plesk provided qcow2 with Ubuntu 22.04 and Plesk pre-installed) and I was going through all the ports I needed to NAT / firewall from this guide...
Which ports should be opened in the firewall on a Plesk server - Support Cases from Plesk Knowledge Base
This is the one that has me confused...
123 - NTP (UDP)
I'm not entirely sure why this has been listed... or at least listed in this way?
If this is meant to imply you need to open port 123 incoming... then not all NTP daemons by default listen for incoming NTP requests (e.g. timesyncd from systemd doesn't... but ntpd does). I know Plesk has a UI that lets you set the NTP server(s) that you'd like your server to get time from... but this UI can't be used for configuring anything to do with letting customers get the time from your server... it seems to be intended just to be for configuring NTP only in the scope of making sure the server has accurate time.
So why list this a port that needs to be open? Or is this only on the list as it needs to be open outbound and not inbound?
Maybe this would be better?
123 - NTP (UDP) - outgoing connections only
Just a thought
I was configuring a new firewall (a MikroTik CHR) for a customer to sit in front of their new Plesk web server (deployed using the Plesk provided qcow2 with Ubuntu 22.04 and Plesk pre-installed) and I was going through all the ports I needed to NAT / firewall from this guide...
Which ports should be opened in the firewall on a Plesk server - Support Cases from Plesk Knowledge Base
This is the one that has me confused...
123 - NTP (UDP)
I'm not entirely sure why this has been listed... or at least listed in this way?
If this is meant to imply you need to open port 123 incoming... then not all NTP daemons by default listen for incoming NTP requests (e.g. timesyncd from systemd doesn't... but ntpd does). I know Plesk has a UI that lets you set the NTP server(s) that you'd like your server to get time from... but this UI can't be used for configuring anything to do with letting customers get the time from your server... it seems to be intended just to be for configuring NTP only in the scope of making sure the server has accurate time.
So why list this a port that needs to be open? Or is this only on the list as it needs to be open outbound and not inbound?
Maybe this would be better?
123 - NTP (UDP) - outgoing connections only
Just a thought