Red Hat Bugzilla – Bug 1171630
NTP drops requests when sourceport is below 123
Last modified: 2015-07-22 03:00:10 EDT
Description of problem:
If NTP requests go through NAT, NAT changes the srcport of the packet to something random. Sometimes it's below 123 and ntp drops it without any logging. Source code says (ntpd/ntp_proto.c):

    /*
     * Bogus port check is before anything, since it probably
     * reveals a clogging attack.
     */
    sys_received++;
    if (SRCPORT(&rbufp->recv_srcadr) < NTP_PORT) {
        sys_badlength++;
        return; /* bogus port */
    }

Version-Release number of selected component (if applicable):
ntp-4.2.6p5-1.el6.centos.x86_64
...but the srcrpm for centos7 shows that its version has the same problem (ntp-4.2.6p5-18.el7.centos.src.rpm)

How reproducible:
Always when packet srcport is lower than NTP_PORT (123). For testing purposes you can create NAT that changes srcport to - for example - 121.

Steps to Reproduce:
1. Install NTP server on server-host and client on client-host
2. Configure NAT for client-host so NTP will exit host with srcport lower than 123. (or you can use the simple python ntp client found here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691412)
3. Run `ntpq -p` on client-host.

NTP is always in state .INIT. because the server dropped all requests. No logs at all in syslog. No debug logs even with debuglevel=10.

Actual results:
NTP drops requests without any logging.

Expected results:
Packets are not dropped, or this option is configurable and should log something. Took me a few weeks to debug why some servers have problems with ntp :(

Additional info:
http://lists.ntp.org/pipermail/hackers/2009-December/004758.html
http://bugs.ntp.org/show_bug.cgi?id=2174
Debian already fixed that: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691412
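Because the server logs nothing for this drop, a packet capture on the server side is one way to spot affected clients. The following is an added example, not part of the original report or of ntpd: it pairs requests with replies and lists clients whose unanswered requests came from a source port below 123. The capture lines and addresses are constructed, in the style of `tcpdump -n` output, and the function names are hypothetical.

```python
import re
from collections import Counter

NTP_PORT = 123  # same constant the quoted ntp_proto.c check compares against

# Constructed sample in the style of `tcpdump -n udp port 123` output.
SAMPLE_CAPTURE = """\
12:00:01.100 IP 198.51.100.7.121 > 192.0.2.10.123: NTPv4, Client, length 48
12:00:01.200 IP 198.51.100.8.40512 > 192.0.2.10.123: NTPv4, Client, length 48
12:00:01.201 IP 192.0.2.10.123 > 198.51.100.8.40512: NTPv4, Server, length 48
12:00:02.000 IP 198.51.100.9.123 > 192.0.2.10.123: NTPv4, Client, length 48
12:00:02.001 IP 192.0.2.10.123 > 198.51.100.9.123: NTPv4, Server, length 48
12:01:05.100 IP 198.51.100.7.121 > 192.0.2.10.123: NTPv4, Client, length 48
12:01:09.300 IP 198.51.100.20.55001 > 192.0.2.10.123: NTPv4, Client, length 48
"""

LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): NTPv\d, (?P<mode>\w+),"
)

def unanswered_requests(capture, server_ip):
    """Count client requests to server_ip:123 with no later matching reply.

    Returns {(client_ip, client_port): (unanswered_count, below_ntp_port)}.
    """
    pending = Counter()
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that are not IPv4 NTP summaries
        sport, dport = int(m["sport"]), int(m["dport"])
        if m["mode"] == "Client" and m["dst"] == server_ip and dport == NTP_PORT:
            pending[(m["src"], sport)] += 1
        elif m["mode"] == "Server" and m["src"] == server_ip and sport == NTP_PORT:
            key = (m["dst"], dport)
            if pending[key] > 0:
                pending[key] -= 1  # this reply answers one earlier request
    return {k: (n, k[1] < NTP_PORT) for k, n in pending.items() if n > 0}

def likely_bogus_port_drops(capture, server_ip):
    """Clients with unanswered requests sent from a source port below 123."""
    hits = unanswered_requests(capture, server_ip)
    return sorted(k for k, (_, low) in hits.items() if low)
```

An unanswered request from a high source port, such as the last sample line, is not explained by this check and points to some other cause.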
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-1459.html