Nick Bright wrote: > I've installed and configured NTP on a RHEL 3 machine, and configured it > to query the US pool servers. > > Unfortunately, because the firewall administrator this machine is behind > hasn't yet set up the firewall rules the time can't sync. At least I > assume that he hasn't done it, because the time isn't syncing. > > ntpq> pe > remote refid st t when poll reach delay offset jitter > ======================================================================== > 217.160.254.116 0.0.0.0 16 u - 128 0 0.000 0.000 4000.00 > 75.144.70.35 0.0.0.0 16 u - 128 0 0.000 0.000 4000.00 > 72.232.254.202 0.0.0.0 16 u - 128 0 0.000 0.000 4000.00 > 208.75.88.4 0.0.0.0 16 u - 128 0 0.000 0.000 4000.00 > > However, if I execute "ntpdate -u localhost" it replies with: > > ntpdate[8246]: no server suitable for synchronization found > > I did verify that I can sync with an external source, though: > > ntpdate -u 217.160.254.116 > 8 Feb 19:04:00 ntpdate[8247]: adjust time server 217.160.254.116 > offset -0.302278 sec > > So my questions are: > > If the NTPD isn't synchronized with external servers, will it simply > ignore clients? > > If it doesn't ignore clients, why would my ntpdate command run on the > local machine not be able to query the server? It can't be the firewall, > because iptables is completely disabled. > > Thanks,
Assuming that you waited at least 30 minutes before printing that ntpq "banner", the servers you have configured are unreachable. As I recall, ntpdate -u uses a "non-privileged port" whereas ntpdate and ntpd both normally use port 123. This suggests that the firewall is passing ports 1025 and above and not port 123. If ntpdate without the "-u" does not work, it would tend to confirm this hypothesis. Get your firewall straightened out. AFAIK there is no good reason to block port 123. _______________________________________________ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions