[ntp:questions] Re: Configuring a server and clients behind a firewall

Steve Kostecke kostecke at ntp.isc.org
Tue Feb 1 03:41:04 UTC 2005


On 2005-01-31, Tad Marko <tad at tadland.net> wrote:

> I have been looking for some example ntp.conf files without any
> luck. I'm hoping to find a basic set of working ntp.conf files for a
> server on an internal network, syncing itself to an outside source
> (probalby pool.ntp.org), and then the ntp.conf file for the clients to
> sync to my server. I can find a lot of client ntp.conf (and it seems
> like there is always some slight differences in the restrict lines),

The right restrictions for you are dependent on a number of factors
including your network architecture. There is some information about
restrictions and a list of questions to help you choose the right
restrictions at:

http://ntp.isc.org/bin/view/Support/ConfRestrict

> but I cannot find any examples of what a server ntp.conf should look
> like. Can anyone help me out?

Here are some barebones configuration files. They do not contain any
restrictions. If you do want to use restrictions you will not be able to
use server host names that resolve to multiple IP addresses (e.g.
*.pool.ntp.org).

---------------------------------8X----------------------------------
# Basic Local Server Configuration

# Driftfile
driftfile /var/lib/ntp/ntp.drift

# Uncomment the next block of lines to enable statistics collection
#statsdir /var/log/ntpstats/
#statistics loopstats peerstats clockstats
#filegen loopstats file loopstats type day enable
#filegen peerstats file peerstats type day enable
#filegen clockstats file clockstats type day enable

# Remote time servers
pool.ntp.org iburst
pool.ntp.org iburst
pool.ntp.org iburst
pool.ntp.org iburst
pool.ntp.org iburst

---------------------------------8X----------------------------------

---------------------------------8X----------------------------------
# Basic Client Configuration

# Driftfile
driftfile /var/lib/ntp/ntp.drift

# Local time server
server your.local.server iburst
---------------------------------8X----------------------------------

> Also, if I want to make the server visible to the world, what, if any,
> changes should I make to the file?

That depends on what you decide to use for you server configuration
file, and whether or not your ntpd is behind a firewall or NAT.

-- 
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/



More information about the questions mailing list