[EMAIL PROTECTED] wrote:
> Hi all,
>
> I'm trying to set up NTPD on a gentoo box to serve time to my network.
> Needless to say, it's not working.
> It remains as a stratum 16 server, because it is not syncing.
>
> Below is lots of information on what ntp is doing, hopefully some of it
> will be useful.
>
> -----------------------------------------------------------------------------------
>
> # ntpq -p -c rv
>
> remote refid st t when poll reach delay offset
> jitter
> ==============================================================================
> ntp.demon.co.uk .INIT. 16 u - 64 0 0.000 0.000
> 0.000
> box2.martinradf .INIT. 16 u - 64 0 0.000 0.000
> 0.000
> hall.inhouse-so .INIT. 16 u - 64 0 0.000 0.000
> 0.001
>
> assID=0 status=c011 sync_alarm, sync_unspec, 1 event, event_restart,
> version="ntpd [EMAIL PROTECTED] Mon Nov 6 19:31:48 UTC 2006 (1)",
> processor="i686", system="Linux/2.6.11-gentoo-r4", leap=11, stratum=16,
> precision=-20, rootdelay=0.000, rootdispersion=0.915, peer=0,
> refid=INIT, reftime=00000000.00000000 Thu, Feb 7 2036 6:28:16.000,
> poll=6, clock=c8fa16a7.725e7096 Mon, Nov 6 2006 20:16:39.446,
> state=1,
> offset=0.000, frequency=-15.882, jitter=0.001, noise=0.001,
> stability=0.000, tai=0
>
> -----------------------------------------------------------------------------------
>
> # ntpd -d
> ntpd [EMAIL PROTECTED] Mon Nov 6 19:31:48 UTC 2006 (1)
> addto_syslog: precision = 1.000 usec
> create_sockets(123)
> addto_syslog: no IPv6 interfaces found
> addto_syslog: ntp_io: estimated max descriptors: 1024, initial socket
> boundary: 16
> bind() fd 16, family 2, port 123, addr 0.0.0.0, flags=9
> Added addr 0.0.0.0 to list of addresses
> addto_syslog: Listening on interface wildcard, 0.0.0.0#123 Disabled
> bind() fd 17, family 2, port 123, addr 127.0.0.1, flags=5
> Added addr 127.0.0.1 to list of addresses
> addto_syslog: Listening on interface lo, 127.0.0.1#123 Enabled
> bind() fd 18, family 2, port 123, addr 192.168.1.200, flags=25
> Added addr 192.168.1.200 to list of addresses
> addto_syslog: Listening on interface eth0, 192.168.1.200#123 Enabled
> bind() fd 19, family 2, port 123, addr 192.168.0.200, flags=25
> Added addr 192.168.0.200 to list of addresses
> addto_syslog: Listening on interface eth1, 192.168.0.200#123 Enabled
> bind() fd 20, family 2, port 123, addr xxx.xxx.xxx.120, flags=19
> Added addr xxx.xxx.xxx.120 to list of addresses
> addto_syslog: Listening on interface ppp0, xxx.xxx.xxx.120#123 Enabled
> init_io: maxactivefd 20
> local_clock: time 0 base 0.000000 offset 0.000000 freq 0.000 state 0
> addto_syslog: frequency initialized -15.882 PPM from
> /var/lib/ntp/ntp.drift
> key_expire: at 0
> peer_clear: at 0 next 1 assoc ID 29972 refid INIT
> newpeer: xxx.xxx.xxx.120->158.152.1.76 mode 3 vers 4 poll 6 10 flags
> 0x281 0x1 ttl 0 key 00000000
> key_expire: at 0
> peer_clear: at 0 next 2 assoc ID 29973 refid INIT
> newpeer: xxx.xxx.xxx.120->81.187.65.110 mode 3 vers 4 poll 6 10 flags
> 0x201 0x1 ttl 0 key 00000000
> key_expire: at 0
> peer_clear: at 0 next 3 assoc ID 29974 refid INIT
> newpeer: xxx.xxx.xxx.120->213.170.141.38 mode 3 vers 4 poll 6 10 flags
> 0x201 0x1 ttl 0 key 00000000
> local_clock: time 0 base 0.000000 offset 0.000000 freq -15.882 state 1
> report_event: system event 'event_restart' (0x01) status 'sync_alarm,
> sync_unspec, 1 event, event_unspec' (0xc010)
> transmit: at 1 xxx.xxx.xxx.120->158.152.1.76 mode 3
> auth_agekeys: at 1 keys 1 expired 0
> timer: refresh ts 0
> transmit: at 2 xxx.xxx.xxx.120->81.187.65.110 mode 3
> transmit: at 3 xxx.xxx.xxx.120->213.170.141.38 mode 3
> transmit: at 3 xxx.xxx.xxx.120->158.152.1.76 mode 3
> transmit: at 4 xxx.xxx.xxx.120->81.187.65.110 mode 3
> transmit: at 5 xxx.xxx.xxx.120->213.170.141.38 mode 3
> transmit: at 5 xxx.xxx.xxx.120->158.152.1.76 mode 3
> transmit: at 6 xxx.xxx.xxx.120->81.187.65.110 mode 3
> transmit: at 7 xxx.xxx.xxx.120->213.170.141.38 mode 3
> transmit: at 7 xxx.xxx.xxx.120->158.152.1.76 mode 3
> transmit: at 8 xxx.xxx.xxx.120->81.187.65.110 mode 3
> and so on and so forth. Occasionally keys expire.
>
> -----------------------------------------------------------------------------------
>
> # ntpdate -q 81.187.65.110
> server 81.187.65.110, stratum 3, offset -0.003914, delay 0.06453
> 6 Nov 20:18:40 ntpdate[7338]: adjust time server 81.187.65.110 offset
> -0.003914 sec
>
> # ntpdate -q 213.170.141.38
> server 213.170.141.38, stratum 2, offset -0.001053, delay 0.06541
> 6 Nov 20:19:09 ntpdate[7342]: adjust time server 213.170.141.38 offset
> -0.001053 sec
>
> -----------------------------------------------------------------------------------
>
> # cat /etc/ntp.conf
> restrict default ignore
> restrict 127.0.0.1
>
> restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap nopeer
> restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap nopeer
>
> driftfile /var/lib/ntp/ntp.drift
> logfile /var/log/ntp.log
>
> server ntp.demon.co.uk prefer iburst
> restrict 158.152.1.76 nomodify noserve
> server 81.187.65.110 iburst
> restrict 81.187.65.110 nomodify noserve noquery notrap
> server 213.170.141.38 iburst
> restrict 213.170.141.38 nomodify noserve noquery notrap
>
> -----------------------------------------------------------------------------------
>
> # dig +short ntp.demon.co.uk
> 158.152.1.76
>
> -----------------------------------------------------------------------------------
>
> There is nothing interesting in /var/log/ntp.log
>
> I have iptables running, and although I believe as long as established
> connections are allowed through it should need no special
> configuration, it is my first port of call. However, after flushing and
> setting its default policy to accept for everything, the results were
> no different. I am not an iptables wizard though, so could have missed
> something.
>
> Can anyone shed any light on the matter?
>
> As an aside, how do I prevent ntpd from listening on a particular
> interface?
>
> Cheers,
> Ling
>

Remove the restrict statements! Test. If it works now, your restrict statements were incorrect. If this is the case re-read the documentation for the restrict statement CAREFULLY!

I don't think you CAN prevent ntpd from listening on a particular interface. Ntpd will listen on every configured interface. This is not a problem for most people. What problem are YOU trying to solve?

_______________________________________________
questions mailing list
[email protected]
https://lists.ntp.isc.org/mailman/listinfo/questions
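
Added example, not part of either message above: a small offline check of the quoted ntp.conf that reports which `server` entries end up under a `restrict` entry that drops their replies. It relies on the ntpd access-control documentation, which describes `ignore` as denying all packets and `noserve` as denying everything except ntpq/ntpdc queries, and on the most specific matching `restrict` entry being the one applied; the function names and the hand-supplied hostname map are illustrative, and only IPv4 numeric `restrict` addresses are handled.

```python
import ipaddress

# The restrict/server lines from the ntp.conf quoted in the thread.
NTP_CONF = """\
restrict default ignore
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap nopeer
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap nopeer
server ntp.demon.co.uk prefer iburst
restrict 158.152.1.76 nomodify noserve
server 81.187.65.110 iburst
restrict 81.187.65.110 nomodify noserve noquery notrap
server 213.170.141.38 iburst
restrict 213.170.141.38 nomodify noserve noquery notrap
"""
# Hostname mapping taken from the dig output in the thread; nothing is resolved at run time.
RESOLVED = {"ntp.demon.co.uk": "158.152.1.76"}
# Flags documented as dropping time packets from the matching source.
BLOCKS_TIME = {"ignore", "noserve"}

def parse(conf):
    """Return (server names, [(network, flags)]) for IPv4 server/restrict lines."""
    servers, rules = [], []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2:
            continue
        if tok[0] == "server":
            servers.append(tok[1])
        elif tok[0] == "restrict":
            addr, rest, mask = tok[1], tok[2:], "255.255.255.255"
            if addr == "default":
                addr, mask = "0.0.0.0", "0"
            if rest[:1] == ["mask"]:
                mask, rest = rest[1], rest[2:]
            rules.append((ipaddress.ip_network(f"{addr}/{mask}"), set(rest)))
    return servers, rules

def blocked_servers(conf, resolved):
    """Map each server whose effective restrict entry drops its replies to the flags at fault."""
    servers, rules = parse(conf)
    findings = {}
    for name in servers:
        ip = ipaddress.ip_address(resolved.get(name, name))
        matches = [r for r in rules if ip in r[0]]
        if not matches:
            continue  # no restrict entry applies: nothing is filtered
        _, flags = max(matches, key=lambda r: r[0].prefixlen)  # most specific entry wins
        if flags & BLOCKS_TIME:
            findings[name] = sorted(flags & BLOCKS_TIME)
    return findings

if __name__ == "__main__":
    print(blocked_servers(NTP_CONF, RESOLVED))
```

A server with no `restrict` line of its own falls through to `restrict default ignore` and is reported with `ignore`.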
