[ntp:questions] xntpd (NTPv3) "restrict" questions.
Pete Stephenson
pete+usenet at heypete.com
Sun Jan 2 08:24:29 UTC 2005
I've been perusing the man pages and Google regarding the "restrict"
command for ntp.conf for xntpd (ntpq -c version reports ntpq 3-5.93e Mon
Apr 16 13:25:35 PDT 2001 (1)).

Specifically, I'd like my server to do the following things:

1) Synchronize with NTP servers specified in the "server [host.name]"
   lines of my ntp.conf files and adjust time accordingly.
2) Allow clients to query my server for time service and informational
   queries (i.e. ntpq -p time.heypete.com)
3) Disallow all connections (excepting those to/from the systems
   mentioned in the "server [host.name]" lines) that attempt to modify my
   local time.

I googled for an example configuration and located the following from
http://www.xs4all.nl/~xpeterxq/suse_conf_files/ntp.conf.html:

    restrict default notrust lowpriotrap nopeer nomodify
    restrict 209.204.159.18 mask 255.255.255.0 nopeer nomodify
    restrict 204.152.184.72 mask 255.255.255.0 nopeer nomodify
    restrict 216.218.192.202 mask 255.255.255.0 nopeer nomodify
    restrict 216.218.254.202 mask 255.255.255.0 nopeer nomodify

or

    restrict default notrust lowpriotrap nopeer nomodify
    restrict time.sonic.net mask 255.255.255.0 nopeer nomodify
    restrict clock.isc.org mask 255.255.255.0 nopeer nomodify
    restrict clock.fmt.he.net mask 255.255.255.0 nopeer nomodify
    restrict clock.sjc.he.net mask 255.255.255.0 nopeer nomodify

The former returns "server returns a permission denied error" errors,
and the latter returns "getnetnum: 'time.sonic.net' invalid host number,
line ignored" and "server returns a permission denied error" errors.
Presently, my ntp.conf file contains (among other commands) the
following line: "restrict default nopeer", which I'm assuming will
restrict others from specifying my server as a peer and being able to
manipulate my time. xntpd hasn't presented any errors about this line,
and syncs normally with the specified servers.
I realize that xntpd is somewhat out of date, and am working on getting
NTP 4.2.0 installed. Unfortunately, as I mentioned in a previous posting
here, I'm having some difficulty compiling it on my system and am
getting assistance off-group. As such, I must make do with what I have,
which is xntpd.
Any help in regards to this aspect of the configuration file would be
most helpful.
Cheers!
--
Pete Stephenson
HeyPete.com
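
An added example, not part of the original post and not xntpd code: a small Python check over "restrict" lines like those quoted above. It flags non-numeric hosts (the case behind the getnetnum error in the post) and shows which entry's flags would cover a given source address. Assumptions: the most specific matching address/mask entry wins, an omitted mask means 255.255.255.255, and "default" means 0.0.0.0 mask 0.0.0.0; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: lines taken from the two configurations quoted in the post.
SAMPLE = """\
restrict default notrust lowpriotrap nopeer nomodify
restrict 209.204.159.18 mask 255.255.255.0 nopeer nomodify
restrict 204.152.184.72 mask 255.255.255.0 nopeer nomodify
restrict time.sonic.net mask 255.255.255.0 nopeer nomodify
"""


def parse_restrict(text):
    """Return (entries, problems).

    entries  -- list of (network, flags) for lines with a numeric address
    problems -- list of (line number, host) for lines whose host is not numeric
    """
    entries, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        host, rest = tok[1], tok[2:]
        mask = "255.255.255.255"  # assumed default when no mask is given
        if rest[:1] == ["mask"] and len(rest) >= 2:
            mask, rest = rest[1], rest[2:]
        if host == "default":  # assumed equivalent to 0.0.0.0 mask 0.0.0.0
            host, mask = "0.0.0.0", "0.0.0.0"
        try:
            # strict=False masks the host bits, so .18 with a /24 mask
            # becomes the whole 209.204.159.0/24 network.
            net = ipaddress.ip_network(f"{host}/{mask}", strict=False)
        except ValueError:
            problems.append((lineno, host))  # hostname instead of an address
            continue
        entries.append((net, frozenset(rest)))
    return entries, problems


def effective_flags(entries, source):
    """Flags of the most specific entry covering source (assumed match rule)."""
    addr = ipaddress.ip_address(source)
    hits = [(net.prefixlen, flags) for net, flags in entries if addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else frozenset()


if __name__ == "__main__":
    entries, problems = parse_restrict(SAMPLE)
    print("non-numeric hosts:", problems)
    for src in ("209.204.159.200", "192.0.2.10"):
        print(src, sorted(effective_flags(entries, src)))
```

Run against the sample, a source elsewhere in 209.204.159.0/24 gets the same flags as the listed server because of the 255.255.255.0 mask, while any other source falls through to the "default" entry.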