Re: can't get ntp to stay up

Hi Sean,

> Dec 23 16:23:58 gateway ntpd[20163]: kernel time sync status 0040

 I guess your firewall might be blocking the traffic. Try "service iptables 
status" and see if it is running, and "iptables -L -n | less" to see the 
ruleset. IIRC the default RH firewall rules do not log traffic that is 
being blocked. This'll stop your log from flooding, but it also makes 
debugging your firewall rule set more difficult.

 You'll need to open port 123 udp. Something like
iptables -A INPUT -p udp -s <server IP> --sport 123 --dport 123 -j ACCEPT
for each server you are polling.

> I've commented out redhat's "restrict default ignore" line

 That leaves your ntpd WideOpen(TM). Better just leave it there and add 
restricts for the servers you are polling.

 Based on your ntp.conf I would change it to something like:

logconfig =sysall +syncall +clockall +peerall

restrict default ignore
restrict 127.0.0.1
restrict 10.10.8.0 mask 255.0.0.0 notrust nomodify notrap

# not sure if you should be using IPs here, which is what I do
restrict clock.redhat.com	mask 255.255.255.255 notrust nomodify notrap
# Ease the polling to a maximum of once every 5 minutes. That is just fine.
server  clock.redhat.com	minpoll 8 maxpoll 12
restrict clock2.redhat.com	mask 255.255.255.255 notrust nomodify notrap
server  clock2.redhat.com	minpoll 8 maxpoll 12
restrict time.cachenetworks.com	mask 255.255.255.255 notrust nomodify notrap
server  time.cachenetworks.com	minpoll 8 maxpoll 12
restrict louie.udel.edu		mask 255.255.255.255 notrust nomodify notrap
server  louie.udel.edu		minpoll 8 maxpoll 12
restrict ntp.ourconcord.net	mask 255.255.255.255 notrust nomodify notrap
server  ntp.ourconcord.net	minpoll 8 maxpoll 12
restrict clock.nyc.he.net	mask 255.255.255.255 notrust nomodify notrap
server  clock.nyc.he.net	minpoll 8 maxpoll 12

# Don't need your own machine to sync to
#server  127.127.1.0
#fudge   127.127.1.0 stratum 10

driftfile /var/lib/ntp/drift
broadcastdelay  0.008

# You don't need/want authentication
# Might even be your problem
authenticate no
#keys            /etc/ntp/keys

Bye,
Leonard.

--
mount -t life -o ro /dev/dna /genetic/research
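
An added example, not part of Leonard's message: a small check that an ntp.conf keeps "restrict default ignore", that every polled server has its own restrict line, and that prints one iptables rule per server in the form quoted above. The function names and the sample config are constructed for illustration; hosts are emitted as written in the config, so substitute IPs if that is what your rules use.

```python
# Constructed sample: an ntp.conf in the style suggested above, with one
# server (clock2.redhat.com) deliberately left without a restrict line.
SAMPLE_CONF = """\
restrict default ignore
restrict 127.0.0.1
restrict clock.redhat.com mask 255.255.255.255 notrust nomodify notrap
server  clock.redhat.com minpoll 8 maxpoll 12
server  clock2.redhat.com minpoll 8 maxpoll 12
#server 127.127.1.0
"""

def parse(conf_text):
    """Return (default_flags, restricted_hosts, servers) from ntp.conf text."""
    default_flags, restricted, servers = None, set(), []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 2:
            continue
        keyword, target = fields[0], fields[1]
        if keyword == "restrict" and target == "default":
            default_flags = fields[2:]
        elif keyword == "restrict":
            restricted.add(target)
        elif keyword == "server" and not target.startswith("127.127."):
            servers.append(target)               # skip local reference clocks
    return default_flags, restricted, servers

def audit(conf_text):
    """List findings: missing default-deny, or servers with no restrict entry."""
    default_flags, restricted, servers = parse(conf_text)
    if default_flags is None or "ignore" not in default_flags:
        return ["no 'restrict default ignore' line: ntpd is not default-deny"]
    # With default ignore in force, a server without its own restrict line
    # falls under the default entry and its packets are ignored.
    return [f"server {host} has no restrict line and falls under default ignore"
            for host in servers if host not in restricted]

def firewall_rules(conf_text):
    """One inbound rule per polled server, in the form quoted in the message."""
    _, _, servers = parse(conf_text)
    return [f"iptables -A INPUT -p udp -s {h} --sport 123 --dport 123 -j ACCEPT"
            for h in servers]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF) + firewall_rules(SAMPLE_CONF)))
```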



