I’m trying to get some sort of time synchronization configured for an Ubuntu server. The server is behind a cloud-provider-stateless firewall. Through some trial and error I found out that in order for ntp to work, I have to open the incoming UDP port 123.

Then I read that using systemd-timesyncd is preferred nowadays, so I tried switching over to that. But that did not work. The service log was full of

systemd-timesyncd(2656121): Timed out waiting for reply from 220.127.116.11:123 (ntp.ubuntu.com).
systemd-timesyncd(2656121): Timed out waiting for reply from 18.104.22.168:123 (ntp.ubuntu.com).

Only after I also whitelisted the ephemeral UDP ports 32768–65535 in the firewall did this start to work:

systemd-timesyncd(2656121): Initial synchronization to time server 22.214.171.124:123 (ntp.ubuntu.com).

Is opening that range of ports really necessary to operate
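
Added example, not part of the original post: a small Python model of a stateless inbound UDP filter, showing which reply packets each rule set from the post lets through. It assumes ntpd sends its queries from source port 123 while systemd-timesyncd sends from an ephemeral port (45678 is a constructed value), and that the firewall can match on source port; all names are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

NTP = (123, 123)
EPHEMERAL = (32768, 65535)  # range quoted in the post


@dataclass(frozen=True)
class Packet:
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """Stateless inbound UDP allow rule; src=None means any source port."""
    dst: Tuple[int, int]
    src: Optional[Tuple[int, int]] = None

    def matches(self, p: Packet) -> bool:
        if not self.dst[0] <= p.dst_port <= self.dst[1]:
            return False
        return self.src is None or self.src[0] <= p.src_port <= self.src[1]


def allowed(rules: List[Rule], p: Packet) -> bool:
    # No connection tracking: each packet is judged on its own headers.
    return any(r.matches(p) for r in rules)


def reply_to(request: Packet) -> Packet:
    # A server reply swaps the ports of the request it answers.
    return Packet(src_port=request.dst_port, dst_port=request.src_port)


# Constructed sample traffic.
NTPD_REQUEST = Packet(src_port=123, dst_port=123)         # ntpd: 123 -> 123
TIMESYNCD_REQUEST = Packet(src_port=45678, dst_port=123)  # ephemeral -> 123
UNSOLICITED = Packet(src_port=40000, dst_port=50000)      # unrelated inbound

ONLY_123 = [Rule(dst=NTP)]                            # first attempt in the post
WIDE = ONLY_123 + [Rule(dst=EPHEMERAL)]               # what made timesyncd work
NARROW = [Rule(dst=NTP, src=NTP), Rule(dst=EPHEMERAL, src=NTP)]  # assumed option


def verdicts(rules: List[Rule]) -> dict:
    return {
        "ntpd_reply": allowed(rules, reply_to(NTPD_REQUEST)),
        "timesyncd_reply": allowed(rules, reply_to(TIMESYNCD_REQUEST)),
        "unsolicited": allowed(rules, UNSOLICITED),
    }
```

Source-port matching filters on a header field the sender controls, so the narrower rule set reduces exposure but is not a substitute for connection tracking.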