NTP, ntpdate, and ISP-based firewall
Don Levey
fedora-list at the-leveys.us
Thu Mar 4 04:36:11 UTC 2004
On Wed, 2004-03-03 at 18:56, Bevan C. Bennett wrote:
> Don Levey wrote:
>
> > ntp.conf (some comments excised):
> (other comments excised)
>
> Well, let's start with your .conf file and see what we can do...
>
> > restrict default ignore
> > restrict 69.22.157.240 mask 255.255.255.255 nomodify notrap noquery
> > restrict 127.0.0.1
> > restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
> > server 69.22.157.240
> > server ntp.ourconcord.net
> > server ntp-0.cso.uiuc.edu
> > fudge 127.127.1.0 stratum 10
> > driftfile /etc/ntp/drift
> > broadcastdelay 0.008
> >
> > keys /etc/ntp/keys
>
> This is all a little odd... you won't need the 192.168 line until you're
> ready to broadcast (which you aren't doing).
>
> Try the following:
> # /etc/ntp.conf test file
> #
> # be paranoid by default
> restrict default ignore
> # local clock of last resort
> server 127.127.1.0
> fudge 127.127.1.0 stratum 10
> #
> driftfile /etc/ntp/drift
> #
> # allow loopback ntpq connections
> restrict 127.0.0.0 mask 255.0.0.0 nomodify
> #
> # servers servers servers
> server 69.22.157.240
> restrict 69.22.157.240 mask 255.255.255.255 nomodify notrap noquery
> server ntp.ourconcord.net
> restrict ntp.ourconcord.net mask 255.255.255.255 nomodify notrap noquery
> server ntp-0.cso.uiuc.edu
> restrict ntp-0.cso.uiuc.edu mask 255.255.255.255 nomodify notrap noquery
>
> Then try 'service ntpd restart' to start up ntpd, wait a minute or so,
> and use 'ntpq -np' to see what's going on.
>
Hmm... I tried your test conf file, here's what I got:
[root@davinci etc]# ntpq -np
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 127.127.1.0     127.127.1.0     10 l   44   64    1    0.000    0.000   0.008
 69.22.157.240   0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
Looks like I'm not getting out and back?
-Don
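
The following is an added example, not part of the original message: a small Python parser for the `ntpq -np` peer billboard that decodes the octal `reach` register and flags peers that have never answered. The sample text is reconstructed from the output quoted above; the function names and status labels are assumptions made for this illustration.

```python
# Constructed sample: the peer billboard from the message, one peer per row.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 127.127.1.0     127.127.1.0     10 l   44   64    1    0.000    0.000   0.008
 69.22.157.240   0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
"""

TALLY = "*+-#xo."  # selection marks ntpq may prefix to the remote column


def parse_peers(text):
    """Return one dict per peer row; header and separator lines are skipped."""
    peers = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 10 or f[0] == "remote":
            continue
        remote = f[0][1:] if f[0][0] in TALLY else f[0]
        reach = int(f[6], 8)  # reach is printed in octal
        peers.append({
            "remote": remote,
            "refid": f[1],
            "stratum": int(f[2]),
            "type": f[3],
            "reach": reach,
            # 8-bit shift register: one bit per recent poll that got a reply
            "answered": bin(reach).count("1"),
        })
    return peers


def diagnose(peer):
    """Classify a peer (labels are hypothetical, chosen for this example)."""
    if peer["type"] == "l":
        return "local-clock"
    if peer["reach"] == 0:
        return "no-reply"          # nothing has come back from this server
    if peer["stratum"] >= 16:
        return "unsynchronized"    # replies arrive, but the peer has no time
    return "ok"


if __name__ == "__main__":
    for p in parse_peers(SAMPLE):
        print(f'{p["remote"]:<16} st={p["stratum"]:<2} '
              f'answered={p["answered"]}/8 -> {diagnose(p)}')
```

A `no-reply` peer means no NTP response has been accepted from that server, so the places to check are UDP port 123 in both directions at each firewall and the `restrict` lines covering that server.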