
#1 2023-02-01 18:04:01

snowyrain
Member
Registered: 2023-02-01
Posts: 2

[SOLVED] Port 123 UDP on installation necessary?

Hello,

I am checking if Arch Linux is something for me. I have worked with Ubuntu for many years. But I failed already with the installation. Now it works, but it took me hours to find my mistake.

In my OPNsense firewall only the TCP ports 80 and 443 to the internet are allowed. That was not enough. I also had to allow the UDP port 123 (NTP server) to the internet. The internal NTP from the OPNsense works correctly.

I have tried it very often. When I block port 123 to the internet (not local) I get the message:

 Total (121/121)                        464.8 MiB  6.83 MiB/s 01:08 [################################################################] 100%
(121/121) checking keys in keyring                                  [################################################################] 100%
warning: Public keyring not found; have you run 'pacman-key --init'?
downloading required keys...
error: keyring is not writable
...
error: keyring is not writable
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
==> ERROR: Failed to install packages to new root

Maybe it helps someone else: On the same error, check if UDP port 123 is blocked.

I have not read anything about this in any documentation. Can it be that with the command "pacstrap -K /mnt base linux linux-firmware" the arch-mirror is also addressed on port 123(udp)? Maybe some security stuff?

Bye

Last edited by snowyrain (2023-02-01 20:59:52)


#2 2023-02-01 18:26:21

Scimmia
Fellow
Registered: 2012-09-01
Posts: 13,729

Re: [SOLVED] Port 123 UDP on installation necessary?

The error means that pacman-init.service hasn't finished. Not having ntp probably reduces the amount of entropy, making it take longer.

Edit: not an entropy thing, pacman-init.service doesn't start until after time-sync.target to prevent a bad date on the key. You need to either have NTP or set up the keyring manually.

Last edited by Scimmia (2023-02-01 18:55:21)


#3 2023-02-01 20:54:17

snowyrain
Member
Registered: 2023-02-01
Posts: 2

Re: [SOLVED] Port 123 UDP on installation necessary?

You are right. Thank you!

My DHCP server distributes the correct information. See:


nmap --script broadcast-dhcp-discover -e wlan1
> ...
> NTP server: 192.168.3.44

But the time service does not start. See:

systemctl list-jobs

It was because of my firewall. The NTP port 123 was also blocked for the local interface.



Now it works fine!

Last edited by snowyrain (2023-02-01 20:57:56)
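
Editor's added example, not posted by any participant in this thread: a small triage helper that ties the pacstrap keyring errors from post #1 to the cause given in post #2, a pacman-init.service job still queued behind time-sync.target. The function names, the `pacstrap.log` file name and both sample outputs are constructed for illustration; the only assumption about the system is the JOB/UNIT/TYPE/STATE column layout of `systemctl list-jobs`.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample text is constructed.

# Constructed pacstrap excerpt, using the error lines quoted in post #1.
sample_log() {
cat <<'EOF'
warning: Public keyring not found; have you run 'pacman-key --init'?
downloading required keys...
error: keyring is not writable
error: required key missing from keyring
EOF
}

# Constructed `systemctl list-jobs` output (columns: JOB UNIT TYPE STATE).
sample_jobs() {
cat <<'EOF'
JOB UNIT                TYPE  STATE
 68 pacman-init.service start waiting
 52 time-sync.target    start waiting

2 jobs listed.
EOF
}

# Succeeds if the log shows pacman working against an uninitialised keyring.
keyring_uninitialised() {
    printf '%s\n' "$1" | grep -Eq 'Public keyring not found|keyring is not writable'
}

# Prints the STATE column of the queued job for unit $2 in list-jobs text $1.
job_state() {
    printf '%s\n' "$1" | awk -v unit="$2" '$2 == unit { print $4 }'
}

# $1 = pacstrap output, $2 = `systemctl list-jobs` output; prints a verdict.
diagnose() {
    if ! keyring_uninitialised "$1"; then
        echo "no-keyring-error"
    elif [ -z "$(job_state "$2" pacman-init.service)" ]; then
        echo "keyring-uninitialised-other-cause"   # init job not queued
    elif [ -n "$(job_state "$2" time-sync.target)" ]; then
        echo "blocked-on-time-sync"                # fix NTP reachability first
    else
        echo "pacman-init-pending"                 # queued, clock already synced
    fi
}

# On the live ISO: diagnose "$(cat pacstrap.log)" "$(systemctl list-jobs)"
```

A `blocked-on-time-sync` verdict points at the firewall rule for UDP port 123 rather than at pacman or the mirror.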
