On Wed, 2004-03-03 at 18:56, Bevan C. Bennett wrote:
Don Levey wrote:
ntp.conf (some comments excised):
(other comments excised)
Well, let's start with your .conf file and see what we can do...
restrict default ignore
restrict 69.22.157.240 mask 255.255.255.255 nomodify notrap noquery
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
server 69.22.157.240
server ntp.ourconcord.net
server ntp-0.cso.uiuc.edu
fudge 127.127.1.0 stratum 10
driftfile /etc/ntp/drift
broadcastdelay 0.008
keys /etc/ntp/keys
This is all a little odd... you won't need the 192.168 line until you're ready to broadcast (which you aren't doing).
Try the following:

# /etc/ntp.conf test file
#
# be paranoid by default
restrict default ignore
# local clock of last resort
server 127.127.1.0
fudge 127.127.1.0 stratum 10
#
driftfile /etc/ntp/drift
#
# allow loopback ntpq connections
restrict 127.0.0.0 mask 255.0.0.0 nomodify
#
# servers servers servers
server 69.22.157.240
restrict 69.22.157.240 mask 255.255.255.255 nomodify notrap noquery
server ntp.ourconcord.net
restrict ntp.ourconcord.net mask 255.255.255.255 nomodify notrap noquery
server ntp-0.cso.uiuc.edu
restrict ntp-0.cso.uiuc.edu mask 255.255.255.255 nomodify notrap noquery
Then try 'service ntpd restart' to start up ntpd, wait a minute or so, and use 'ntpq -np' to see what's going on.
Hmm... I tried your test conf file, here's what I got:
[root@davinci etc]# ntpq -np
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 127.127.1.0     127.127.1.0     10 l   44   64    1    0.000    0.000   0.008
 69.22.157.240   0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
Looks like I'm not getting out and back?
That's what 'reach=0' generally implies...
Even more odd, you aren't even trying the other two servers.
Any change if you replace them with their IPs? (216.204.156.2 and 130.126.24.53) Is your DNS ok?
While that's running, try 'tcpdump host 69.22.157.240' to see what traffic's actually going by.
You should see pairs of packets something like this (this is from my ntp server):
09:33:19.579902 urd.ntp > tick.usnogps.navy.mil.ntp: v4 client strat 0 poll 6 prec -18 (DF) [tos 0x10]
09:33:19.620380 tick.usnogps.navy.mil.ntp > urd.ntp: v4 server strat 1 poll 6 prec -19 (DF) [tos 0x10]
09:34:24.581554 urd.ntp > tick.usnogps.navy.mil.ntp: v4 client strat 0 poll 6 prec -18 (DF) [tos 0x10]
09:34:24.621438 tick.usnogps.navy.mil.ntp > urd.ntp: v4 server strat 1 poll 6 prec -19 (DF) [tos 0x10]
If you don't see the reply, you're getting blocked somewhere outside. If you -do- see the reply, you're not getting blocked, but just aren't acknowledging the replies (possibly due to iptables).
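
The reach/tcpdump check described in this thread, written out as a script. This is an added example, not code from any poster; it assumes the older tcpdump line format quoted above, and the client address 192.168.1.10, the extra peer rows and the "no request" case are constructed for illustration.

```python
import re

# tcpdump line format as quoted in the thread ("host.ntp > host.ntp: v4 client ...");
# with -n the port prints as 123 instead of ntp.
PKT = re.compile(r"^\S+ (\S+)\.(?:ntp|123) > (\S+)\.(?:ntp|123): v\d (client|server)\b")

def parse_ntpq(text):
    """Map remote -> reach (an octal shift register) from `ntpq -np` output."""
    peers = {}
    for line in text.splitlines():
        f = line.lstrip(" *+-#xo.").split()   # drop the leading tally character
        if len(f) == 10 and f[0] != "remote" and not f[0].startswith("127.127."):
            peers[f[0]] = int(f[6], 8)        # 127.127.x.x is a local refclock, skipped
    return peers

def diagnose(ntpq_text, dump_text):
    """Apply the thread's rule to every network peer ntpd reports."""
    pkts = [m.groups() for m in map(PKT.match, dump_text.splitlines()) if m]
    result = {}
    for peer, reach in parse_ntpq(ntpq_text).items():
        sent = any(dst == peer and mode == "client" for _, dst, mode in pkts)
        got = any(src == peer and mode == "server" for src, _, mode in pkts)
        if reach:
            result[peer] = "reachable"
        elif not sent:
            result[peer] = "no request on the wire"
        elif not got:
            result[peer] = "no reply: blocked somewhere outside"
        else:
            result[peer] = "reply seen but not accepted: check local filtering (iptables)"
    return result

# Constructed sample data modelled on the output in the thread.
NTPQ = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 127.127.1.0     127.127.1.0     10 l   44   64    1    0.000    0.000   0.008
 69.22.157.240   0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
 216.204.156.2   0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
*130.126.24.53   .GPS.            1 u   12   64  377   40.100    1.200   0.500
"""
DUMP = """\
09:33:19.579902 192.168.1.10.123 > 69.22.157.240.123: v4 client strat 0 poll 6 prec -18 (DF) [tos 0x10]
09:33:20.100000 192.168.1.10.123 > 216.204.156.2.123: v4 client strat 0 poll 6 prec -18 (DF) [tos 0x10]
09:33:20.140000 216.204.156.2.123 > 192.168.1.10.123: v4 server strat 2 poll 6 prec -19 (DF) [tos 0x10]
"""
if __name__ == "__main__":
    for peer, verdict in diagnose(NTPQ, DUMP).items():
        print(f"{peer:16} {verdict}")
```

tcpdump captures inbound packets before iptables processes them, which is why a reply can show up in the capture while reach stays at 0.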