NTPd

E Frank Ball frankb at efball.com
Tue Feb 12 10:44:49 PST 2002


On Tue, Feb 12, 2002 at 02:14:21AM -0800, Christopher Wagner wrote:
} Well, I hadn't opened a port in my firewall, but it's open now..
} --
} ACCEPT     tcp  -y----  anywhere             anywhere              any ->   ntp
} --
} I still, however, seem to be getting the same results.  I've pasted in the
} results of ntpq below..
} ---
} [root@sparky root]# ntpq -p 132.239.254.49
} 132.239.254.49: timed out, nothing received
} ***Request timed out
} [root@sparky root]# ntpq -p 132.239.254.49
} 132.239.254.49: timed out, nothing received
} ***Request timed out

First problem is ntp is a udp protocol not a tcp protocol.

I restrict my firewall a little tighter, allowing only specific hosts:

ACCEPT     udp  ------  208.201.224.1        209.204.172.153       * ->   123
ACCEPT     udp  ------  208.201.224.76       209.204.172.153       * ->   123
ACCEPT     udp  ------  192.6.38.127         209.204.172.153       * ->   123
ACCEPT     udp  ------  63.192.96.2/31       209.204.172.153       * ->   123

Also for ntpq -p hostname:

ACCEPT     udp  ------  208.201.224.1        209.204.172.153       123 ->   49152:65535
ACCEPT     udp  ------  208.201.224.76       209.204.172.153       123 ->   49152:65535
ACCEPT     udp  ------  192.6.38.127         209.204.172.153       123 ->   49152:65535
ACCEPT     udp  ------  63.192.96.2/31       209.204.172.153       123 ->   49152:65535

For ntptrace I need this, which would take care of the above also, but
this is logged and the above is not:

ACCEPT     udp  ----l-  0.0.0.0/0            209.204.172.153       123 ->   1024:65535


} [root@sparky root]# ntpq -p
}      remote           refid      st t when poll reach   delay   offset  jitter
} ==============================================================================
}  nebu1-atm.ucsd. 0.0.0.0         16 u    - 1024    0    0.000    0.000 4000.00
}  mewmie.mainecoo 0.0.0.0         16 u    - 1024    0    0.000    0.000 4000.00
}  io.berkeley.net 0.0.0.0         16 u    - 1024    0    0.000    0.000 4000.00


Generally you also put the localhost in the ntp.conf file, I don't know
if it's really needed, but it's the way people do it.  It gives ntp
something to lock to immediately when you start it, or if you have any
network troubles:

server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 11


-- 

   E Frank Ball                frankb at efball.com
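
Added example, not part of the original message: a Python check over firewall listing lines in the layout quoted in this thread, flagging NTP ACCEPT rules that use a protocol other than UDP or that accept any source host. The function name and finding texts are assumptions of this example; the sample rule lines are copied from the message above.

```python
import re

# One rule line in the listing layout used in the thread:
# target  prot  opt  source  destination  sport -> dport
RULE = re.compile(
    r"^(?P<target>\S+)\s+(?P<prot>\S+)\s+(?P<opt>\S+)\s+(?P<src>\S+)\s+"
    r"(?P<dst>\S+)\s+(?P<sport>\S+)\s*->\s*(?P<dport>\S+)$"
)
NTP_PORTS = {"123", "ntp"}             # numeric or service-name form
ANY_HOST = {"anywhere", "0.0.0.0/0"}   # both spellings appear in the thread

# Sample input: three rule lines copied from the message above.
SAMPLE = """\
ACCEPT     tcp  -y----  anywhere             anywhere              any ->   ntp
ACCEPT     udp  ------  208.201.224.1        209.204.172.153       * ->   123
ACCEPT     udp  ----l-  0.0.0.0/0            209.204.172.153       123 ->   1024:65535
"""


def audit_ntp_rules(listing):
    """Return (rule, finding) pairs for NTP ACCEPT rules that need review."""
    findings = []
    for raw in listing.splitlines():
        line = raw.strip()
        m = RULE.match(line)
        if not m or m["target"] != "ACCEPT":
            continue
        if m["sport"] not in NTP_PORTS and m["dport"] not in NTP_PORTS:
            continue  # rule does not name the NTP port on either side
        if m["prot"] != "udp":
            # The mistake diagnosed in the thread: a tcp rule for a udp service.
            findings.append((line, "NTP runs over UDP; this rule never matches NTP packets"))
        elif m["src"] in ANY_HOST:
            note = "accepts NTP from any host"
            if "l" in m["opt"]:
                note += " (logged)"  # the 'l' option marks a logged rule
            findings.append((line, note))
    return findings


if __name__ == "__main__":
    for rule, finding in audit_ntp_rules(SAMPLE):
        print(f"{finding}\n    {rule}")
```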


