On 17 Sep., 16:43, Steve Kostecke <[EMAIL PROTECTED]> wrote:
> On 2007-09-17, rasmus <[EMAIL PROTECTED]> wrote:
>
> > hmm, I played a bit around with this and other stuff w/o getting
> > anywhere. So I went to do other stuff and basically haven't touched
> > anything for a couple of days. So looking at this graph,
> > http://www.pool.ntp.org/scores/90.184.3.208, of my server's pool
> > performance is really puzzling me. Can anyone offer me a clue? :)
>

Hello and thanks for your comprehensive answer!

> The red areas in the colored band at the top of the upper graph on your
> pool stats page indicate when your server is either unreachable or
> significantly wrong. It appears that your server is "in the red" most of
> the time.

Indeed :(

> As a test I added your server to one of my ntpds. Your server has
> remained in .INIT. for an extended period of time and shows no signs of
> being reachable.
>
> nmap shows this:
>
> | # nmap -sU -p 123 90.184.3.208
> |
> | Starting Nmap 4.11 (http://www.insecure.org/nmap/) at 2007-09-17 09:51 EDT
> | Interesting ports on 3404ds2-brh.0.fullrate.dk (90.184.3.208):
> | PORT    STATE         SERVICE
> | 123/udp open|filtered ntp
> |
> | Nmap finished: 1 IP address (1 host up) scanned in 8.517 seconds
>
> Open means that an application on the target machine is listening for
> connections/packets on that port. Filtered means that a firewall,
> filter, or other network obstacle is blocking the port so that Nmap
> cannot tell whether it is open or closed.

I got this as well when running my own tests. Running them from the
inside, though, made me wonder about their strict validity. I have
applied for a free ssh account on the net to be able to test from the
outside but no response so far. I'll try another one.

> It should also be noted that queries with ntpq to 90.184.3.208 always
> time out.
>
> Are you sure that your firewall is not blocking port 123/UDP?
>
> If you need to port forward 123/UDP to a machine behind your firewall,
> are you sure that this is actually happening?

If I enable debug out on my ntpd I get a lot of connections from all
over the net. So I think that part is OK.

> Is it possible that connections to your port 123/UDP are going to a
> locked down ntpd on your firewall?

If by 'locked down' you mean some 'restrict' line in the conf file,
then I have removed all of those. My ntp.conf is as originally posted
with all restrict lines commented out.

> Does 'ntpdc -c monlist 90.184.3.208' show anything? You ought to see my
> IP address in there...

I get no response:

90.184.3.208: timed out, nothing received
***Request timed out

If I use my internal interface address I get a bunch (snipped list):

firewall ~ # ntpdc -c monlist 192.168.1.2
remote address          port local address      count m ver code avgint  lstint
===============================================================================
192.168.1.2            44069 192.168.1.2           21 7 2      0  43649       0
srv1-87-106-95-189.ben   123 192.168.1.2         1108 4 4      0     64       0
3404ds2-brh.0.fullrate 26123 192.168.1.2           29 7 2      0  33338       5
cctld.tix.ch             123 192.168.1.2         1612 4 4      0     64      19
ntp1.belbone.be          123 192.168.1.2         1115 4 4      0     64      22
plum.amber.org.uk        123 192.168.1.2         1116 4 4      0     64      40
85.30.74.90             2120 192.168.1.2          743 3 4      0    243      43
fartein.ifi.uio.no       123 192.168.1.2         1113 4 4      0     64      63
ime.adisan.ro          47229 192.168.1.2          752 3 4      0    586     357
193.172.182.180        59411 192.168.1.2          713 3 3      0   1677     558
ip72-192-21-54.ri.ri.c   123 192.168.1.2           48 3 3      0    939     685
x3.develooper.com      57928 192.168.1.2          418 3 3      0    787     713
166.190-10-238.uio.sat   123 192.168.1.2          346 3 4      0   1025     951


This mirrors my own testing, where I get responses if I use my
internal (192.168.1.2/127.0.0.1) interfaces but not the external one
(the one on the outside of the DSL modem). I have not been able to
determine where the responses get lost, though :(

> Are you sure that ntpd is not using another configuration file?

There is no -c on the command line so I gather that /etc/ntp.conf
should be used by default.

> Did you know that ...
>
> * You may get a "remote view" of the ntpd at the IP address you are
> "browsing from" by visiting http://support.ntp.org/ntpd.php
>
> * You may view information about an ntpd at any arbitrary address by
> visiting http://www.vanheusden.com/query_ntp.php

Yes, I tried those. With as little luck as the pool servers have...

Also, the reason I wrote in with the 'puzzled' comment is that the
pool seems, from time to time and seldom, to have a connection to my
server. And that is at times I am definitely not touching the firewall/
network. Indeed, not touching the box at all. Mmm, I am wondering
whether this phenomenon could be due to a lot of dropped packets? I'll
go reduce my pool bandwidth and see what happens.

Again, thanks for your answer!

Cheers,
  Rasmus

_______________________________________________
questions mailing list
questions@lists.ntp.org
https://lists.ntp.org/mailman/listinfo/questions
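
The reachability question in this thread (nmap reporting 123/udp as open|filtered, ntpq and ntpdc timing out from outside) can be checked with a single NTP client request sent from a host outside the firewall. The following is an added example, not part of the original message; the function names and state labels are illustrative, and it must be run from an external host to be meaningful.

```python
import socket
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)

def build_request(version=4):
    """48-byte client (mode 3) request: LI=0, VN=version, Mode=3, rest zero."""
    return bytes([(version << 3) | 3]) + bytes(47)

def parse_reply(data):
    """Decode the header fields that matter for a reachability check."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    flags, stratum = data[0], data[1]
    tx_sec, tx_frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return {
        "leap": flags >> 6,
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,
        "stratum": stratum,
        "tx_unix": tx_sec - NTP_EPOCH_OFFSET + tx_frac / 2**32,
    }

def probe(host, port=123, timeout=3.0):
    """Return (state, details); state is 'ok', 'no-reply', 'refused' or 'bad-reply'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))      # a connected UDP socket surfaces ICMP errors
        try:
            s.send(build_request())
            data = s.recv(512)
        except socket.timeout:
            return "no-reply", None  # silence: what nmap shows as open|filtered
        except ConnectionRefusedError:
            return "refused", None   # ICMP port unreachable: nothing listening
    try:
        fields = parse_reply(data)
    except ValueError as exc:
        return "bad-reply", str(exc)
    # A server answers a mode 3 (client) request with mode 4 (server).
    if fields["mode"] != 4:
        return "bad-reply", fields
    return "ok", fields

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"))
```

A 'no-reply' result only says that no answer came back; it does not show whether the request or the response was dropped, so a packet capture on the firewall's external interface is still needed to find where the traffic is lost.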
