NTP, ntpdate, and ISP-based firewall

Bevan C. Bennett bevan at fulcrummicro.com
Wed Mar 3 23:56:08 UTC 2004


Don Levey wrote:

> ntp.conf (some comments excised):
(other comments excised)

Well, let's start with your .conf file and see what we can do...

> restrict default ignore
> restrict 69.22.157.240 mask 255.255.255.255 nomodify notrap noquery
> restrict 127.0.0.1
> restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
> server 69.22.157.240
> server  ntp.ourconcord.net
> server  ntp-0.cso.uiuc.edu
> fudge   127.127.1.0 stratum 10
> driftfile /etc/ntp/drift
> broadcastdelay  0.008
> 
> keys            /etc/ntp/keys

This is all a little odd... you won't need the 192.168 line until you're 
ready to broadcast (which you aren't doing).

Try the following:
# /etc/ntp.conf test file
#
# be paranoid by default
restrict default ignore
# local clock of last resort
server  127.127.1.0
fudge   127.127.1.0 stratum 10
#
driftfile /etc/ntp/drift
#
# allow loopback ntpq connections
restrict 127.0.0.0 mask 255.0.0.0 nomodify
#
# servers servers servers
server 69.22.157.240
restrict 69.22.157.240 mask 255.255.255.255 nomodify notrap noquery
server ntp.ourconcord.net
restrict ntp.ourconcord.net mask 255.255.255.255 nomodify notrap noquery
server ntp-0.cso.uiuc.edu
restrict ntp-0.cso.uiuc.edu mask 255.255.255.255 nomodify notrap noquery

Then try 'service ntpd restart' to start up ntpd, wait a minute or so, 
and use 'ntpq -np' to see what's going on.
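
Added example, not part of the original message: with `restrict default ignore`, ntpd drops packets from any host that has no more specific `restrict` line, so this small lint reports every `server` entry lacking one. The function names are hypothetical, the sample is the quoted config from the message above, and matching is by literal host string only (no mask or DNS handling).

```python
# Constructed sample: the ntp.conf quoted from the original poster above.
ORIGINAL_CONF = """\
restrict default ignore
restrict 69.22.157.240 mask 255.255.255.255 nomodify notrap noquery
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
server 69.22.157.240
server  ntp.ourconcord.net
server  ntp-0.cso.uiuc.edu
fudge   127.127.1.0 stratum 10
"""


def parse(conf):
    """Return (default_flags, restricted_hosts, servers) from ntp.conf text."""
    default_flags, restricted, servers = None, set(), []
    for raw in conf.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 2:
            continue
        if fields[0] == "restrict":
            if fields[1] == "default":
                default_flags = set(fields[2:])
            else:
                restricted.add(fields[1])       # literal host/net as written
        elif fields[0] == "server":
            servers.append(fields[1])
    return default_flags, restricted, servers


def unreachable_servers(conf):
    """Servers whose replies 'restrict default ignore' would discard."""
    default_flags, restricted, servers = parse(conf)
    if not default_flags or "ignore" not in default_flags:
        return []                               # default policy lets replies in
    # 127.127.x.x entries are reference-clock drivers, not network peers.
    return [s for s in servers
            if not s.startswith("127.127.") and s not in restricted]


if __name__ == "__main__":
    for host in unreachable_servers(ORIGINAL_CONF):
        print("server without matching restrict line:", host)
```
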




