RE: NTP, ntpdate, and ISP-based firewall

["Don Levey" <fedora-list@xxxxxxxxxxxxx>]

fedora-list-admin@xxxxxxxxxx wrote:

>
> It looks like you have not waited out a couple minutes even. After a
> minute and loose change you should know if it is reachable, though.
>
> You can check that with:
> [root@it ~]# ntpq -n -c peers;ntpq -n -c assoc
>      remote           refid      st t when poll reach   delay   offset
> jitter
>
============================================================================
> ==
>  127.127.1.0     127.127.1.0      3 l   11   64   17    0.000    0.000
> 0.008
>  132.239.1.6     132.249.20.88    2 u    3   64   17   29.482  -12.287
> 0.550
> +63.192.96.3     63.192.96.10     2 u   13   64   17   51.090    2.395
> 0.008
> *164.67.62.194   .PSC.            1 u   11   64   17   26.581    0.058
> 0.074
> ind assID status  conf reach auth condition  last_event cnt
> ===========================================================
>   1  1164  9014   yes   yes  none    reject   reachable  1
>   2  1165  9014   yes   yes  none    reject   reachable  1
>   3  1166  9414   yes   yes  none  candidat   reachable  1
>   4  1167  9614   yes   yes  none  sys.peer   reachable  1
>
>
> If reach is no then you have troubles. Just why I don't know because
> ntpdate uses the same ports pretty much the same way as ntpd itself.
>
> I prefer to sit in "ntpq" and use the "assoc" and "peers" commands
> more or less alternately to watch the system trying to synch up. It
> takes several minutes for things to settle down. But "reach" should
> get set pretty quickly.
>
> (NOte that it took 17 polls to get to this status. That was almost 18
> minutes. You must have patience IF reach increments each 64 seconds or
> so.)
>
> {^_^}

Well, here's the output I get when I try, after about 12 hours of waiting:

[root@davinci root]# ntpq -n -c peers;ntpq -n -c assoc
     remote           refid      st t when poll reach   delay   offset
jitter
============================================================================
==
*127.127.1.0     127.127.1.0     10 l   22   64  377    0.000    0.000
0.008
 69.22.157.240   0.0.0.0         16 u    - 1024    0    0.000    0.000
4000.00
ind assID status  conf reach auth condition  last_event cnt
===========================================================
  1 56708  9624   yes   yes  none  sys.peer   reachable  2
  2 56709  8000   yes   yes  none    reject
[root@davinci root]#

So I can reach myself, but not anyone else?
I'll try, as someone else suggested, the ISP's DNS server and see if that
helps.
Thanks,
 -Don