Hi Ray,
thank for your advance. For your question
1. I am not sure but i think the different is not so great maybe only 60 or 90
seconds (I have to check again.).
2. I am sure that i open my firewall to synctime with time.nuri.net because i
add my policy
fw all accept
3. yes i can ping time.nuri.net
4. I am not sure. I didn't modify anything in ntp.conf except change time
server to time.nuri.net. My firewall didn't have any client with those ip address.
Should i delete those lines?
thanks you very much.
May I ask you few more question? From those configuration i set another firewall to
sync time with this firewall but same problem
both firewall times didn't equal. Did i had wrong configuration in first firewall?
thank for your advance.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:leaf-user-admin@;lists.sourceforge.net]On Behalf Of Ray Olszewski
Sent: Monday, November 11, 2002 21:56
To: LeafUser
Subject: Re: [leaf-user] XNTPD.lrp How to config?
A few questions --
1. How great is the time discrepancy? ntp will, in general, only correct a
limited amount of variation (something like 100 seconds, I think, but you
should check that). In the other direction, a few seconds of discrepancy
will not be surprising, depending on how often the different hosts sync to
the server (I usually only sync once a day myself, for example) and how
good their local clocks are (cheap computers have cheap clocks).
2. Did you modify your firewall ruleset so it allows outgoing packets
from/to the ntp port (123 tcp and udp) on the firewall (and on the LAN, for
the peers)?
3. From the firewall, can you ping time.nuri.net? If not, how does the ping
fail?
4. What do these addresses have to do with your setup?
>restrict 192.5.41.40 nomodify notrap
>restrict 198.82.162.213 nomodify notrap
>restrict 128.118.25.3 nomodify notrap
At 07:23 PM 11/11/02 +0700, Thitiporn Pornpirunrak wrote:
>Hi all,
> Today I try to add xntpd.lrp into my bering box. But after I config
> server in ntp.conf. I don't know did my firewall synctime with time
> server? But when i config another bering box to sync time with that
> firewall and use "date" command to check. Both firewall time didn't
> equal. I am using Bering RC3. and this is my network diagram.
>
> Firewall2 --------------------------> time.nuri.net
> 192.168.102.6 xxx.xxx.xxx.xxx
> This is my firewall1 ntp.conf configuration.
>
>##############################
># First define the clocks we are using
>server time.nuri.net version 3 prefer
>
># where the drift file is located
>driftfile /etc/ntp.drift
>
># Block everyone out by default
>restrict default notrust nomodify nopeer notrust noserve notrap
>
># Let our time servers be trusted
>restrict 192.5.41.40 nomodify notrap
>restrict 198.82.162.213 nomodify notrap
>restrict 128.118.25.3 nomodify notrap
>
># Let a machine on our DMZ get updates but not modify
>restrict 192.168.2.215 nomodify notrap
>
># Let anything coming from the internal network do
># anything. Let's you run xntpdc from your internal
># network.
>restrict 192.168.2.254
># Same for the localhost.
>restrict 127.0.0.1
>
># Auth stuff, even if your trusted you need the key
>keys /etc/ntp.keys
>trustedkey 99
>requestkey 99
>controlkey 99
>##############################
>
>After I config and try to run xntpd command manually by "xntpd -c
>/etc/ntp.conf -l /var/log/xntpd.log" and tail in my log file. It shows
>
>##############################
> 7 Nov 17:09:57 xntpd[24666]: logging to file /var/log/xntpd.log
> 7 Nov 17:09:57 xntpd[24666]: xntpd 3-5.93 Sun Apr 8 09:08:37 EDT 2001 (2)
> 7 Nov 17:09:57 xntpd[24666]: tickadj = 5, tick = 10000, tvu_maxslew =
> 495, est. hz = 100
> 7 Nov 17:09:57 xntpd[24666]: precision = 13 usec
> 7 Nov 17:09:57 xntpd[24666]: read drift of 0.000 from /etc/ntp.drift
>##############################
>
> I found that my bering box 's time doesn't equal to my another
> machine that sync with time.nuri.net too. Please help me to find that why
> bering box didn't sync time with time.nuri.net. Didn't i had wrong
> configuration??? Please help me. (I am using bering RC3)
--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski -- Han Solo
Palo Alto, California, USA [EMAIL PROTECTED]
-------------------------------------------------------------------------------
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
N����隊X���'���u���)���Y�\�g�������������b�H�zG(����柺ǫ����x%��ey�����l���q����z�m��?�X���(���~��zw��X�����b��?�柺ǫI�@B�m���y�鮈�r�+��no�hs�hrf�j�������|�Xm�
