NTP synchronized: no

Shaheen Bakhtiar shashaness at hotmail.com
Sun Sep 13 14:57:35 UTC 2015 

From your email on Sep 8th:

> chronyc sources
> 210 Number of sources = 4
> MS Name/IP address         Stratum Poll Reach LastRx Last sample
> ===============================================================================
> ^? host3.nuagelibre.org <http://host3.nuagelibre.org/>          0   8     0   10y     +0ns[   +0ns] +/-    0ns
> ^? tomia.ordimatic.net <http://tomia.ordimatic.net/>           0   8     0   10y     +0ns[   +0ns] +/-    0ns
> ^? ntp.tuxfamily.net <http://ntp.tuxfamily.net/>             0   8     0   10y     +0ns[   +0ns] +/-    0ns
> ^? ns346276.ip-94-23-32.eu <http://ns346276.ip-94-23-32.eu/>       0   8     0   10y     +0ns[   +0ns] +/-    0ns


Which indicates Chrony is working, but is not getting a response from the time pool. You mentioned that the firewall team told you that port 123 is open, but this is not enough (intact may be unnecessary). Chrony uses a unprivileged port ( > 1024) to connect to port 123 on the ntp pool server. What needs to happen is the firewall needs to track this connection and allow a udp packet back form the source port 123 to your server, to the unprivileged port chrony used to send the request out.

This requires a stateful firewall or one that tracks the connection. In the case of Cisco routers they can use ip inspect command, but it depends on the firewall they are using as to how they would accomplish this.


> On Sep 13, 2015, at 4:57 AM, Patrick Dupre <pdupre at gmx.com> wrote:
> 
> Hello,
> 
> Following the previous email exchange, what is the next step?
> Is the issue clearly identified?
> Do I need to run more tests?
> 
> Thank.
> 
> ===========================================================================
> Patrick DUPRÉ                                 | | email: pdupre at gmx.com
> Laboratoire de Physico-Chimie de l'Atmosphère | |
> Université du Littoral-Côte d'Opale           | |
> Tel.  (33)-(0)3 28 23 76 12                   | | Fax: 03 28 65 82 44
> 189A, avenue Maurice Schumann                 | | 59140 Dunkerque, France
> ===========================================================================
> -- 
> users mailing list
> users at lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20150913/0d2d7b5e/attachment.html>

More information about the users mailing list