[ntp:questions] Re: Servers reachable, but can't sync

John DeDourek dedourek at unb.ca
Thu Sep 8 21:36:52 UTC 2005


Is this a Linux machine???  If it is, then consider... (otherwise
ignore)

if the "iptables" -->local firewall on this machine<-- is
configured to block port 123 (for example if blocking all
privileged ports incoming) then when the program attempts
to receive on port 123, it won't hear the results.

IMPORTANT:  tcpdump captures packets BEFORE the iptables
filters, so it will show the incoming packet to port 123,
even if the packet is dropped by the iptables filters.

Suggest you do an
    /sbin/iptables -L -v 2>&1 | less
and see what shows up.

Greg McCann wrote:
> Sorry for the top-posting, but I wanted to insert some relevant information that I discovered while answering your questions below.
> 
> In the tcpdump analysis of the ntpdate communication in my previous post (and thanks to some of your hints), I noticed that ntpdate was communicating with the server through an unprivileged port (33347) when successfully using the -q option, but was using the ntp port (123) when unsuccessfully using the -b option.
> 
> I then noticed in the ntpdate documentation...
> 
> -u      Direct ntpdate to use an unprivileged port for outgoing packets.
> 
> So I tried...
> 
> # ntpdate -ub 65.200.108.234
> 8 Sep 10:43:25 ntpdate[20450]: step time server 65.200.108.234 offset 1.472721 sec
> 
> # ntpdate -ub 65.200.108.234
> 8 Sep 10:43:43 ntpdate[20452]: step time server 65.200.108.234 offset 0.000169 sec
> 
> There is no error message, and it appears that the clock has been successfully adjusted.  It looks like we are getting somewhere.  I am mystified though, as to why there would be any communication trouble on port 123, when tcpdump appears to show port 123 communication completing successfully in both directions.  Other machines on the same network are able to sync with the same server with no problems.
> 
> The only difference I can think of in the network configuration for this machine is that while most machines on the network are connected to switched ports, the machine where I am having trouble is connected to an unswitched port, since it is being used as a network sniffer.  (Though I have disabled the sniffer while running these tests to avoid further complications.)
> 
> I tried to find an option to get ntpd to use an unprivileged port, but there doesn't seem to be one.
> 
> I guess the only thing left is to figure out what the problem is with port 123, though I can't think of any reason it would be blocked, and tcpdump seems to show packets coming and going through port 123 just the same as they are on an unprivileged port.
> 
> 
> Greg
> 
> (answers to your previous questions below...)
> 
> On 9/8/2005 at 6:35 PM Brad Knowles <brad at stop.mail-abuse.org> wrote:
> 
> 
>>	Are you sure you're running these commands as root?
> 
> 
> # id
> uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
> 
> 
>>	Or, maybe you're running on something like SELinux...
> 
> 
> Nope - just plain vanilla RH9.  The only unusual app I have running on this machine is ntop, and even that has been turned off while running my ntp tests.
> 
> # uname -a
> Linux sniffy 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 i686 i386 GNU/Linux
> 
> # cat /etc/redhat-release
> Red Hat Linux release 9 (Shrike)
> 
> 
>>	What happens when you try to run a real "ntpd -gq" instead of 
>>ntpdate?
> 
> 
> # ntpd -gq
> 
> # tail /var/log/messages
> Sep  8 10:27:26 sniffy ntpd[20415]: ntpd 4.2.0a at 1.1196-r Tue Sep  6 04:53:56 PDT 2005 (1)
> Sep  8 10:27:26 sniffy ntpd[20415]: precision = 1.000 usec
> Sep  8 10:27:26 sniffy ntpd[20415]: Listening on interface wildcard, 0.0.0.0#123
> Sep  8 10:27:26 sniffy ntpd[20415]: Listening on interface lo, 127.0.0.1#123
> Sep  8 10:27:26 sniffy ntpd[20415]: Listening on interface eth0, 65.200.108.10#123
> Sep  8 10:27:26 sniffy ntpd[20415]: kernel time sync status 0040
> Sep  8 10:27:26 sniffy ntpd[20415]: frequency initialized 0.000 PPM from /etc/ntp.drift
> Sep  8 10:27:43 sniffy ntpd[20415]: no reply; clock not set
> 
> 
> 
>>Can you show us what the tcpdump looks like?
> 
> 
> # tcpdump -w test3.log host 65.200.108.10 and host 65.200.108.234 and port ntp &
> [1] 20430
> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 68 bytes
> 
> # ntpd -gq
> 
> # killall tcpdump
> 16 packets captured
> 16 packets received by filter
> 0 packets dropped by kernel
> [1]+  Done                    tcpdump -w test3.log host 65.200.108.10 and host 65.200.108.234 and port ntp
> 
> # tcpdump -r test3.log
> reading from file test3.log, link-type EN10MB (Ethernet)
> 10:32:49.678159 IP ws10.cambria.com.ntp > dns1.cambria.com.ntp: NTPv4 client, strat 0, poll 6, prec -20
> 10:32:49.678511 IP dns1.cambria.com.ntp > ws10.cambria.com.ntp: NTPv4 server, strat 2, poll 6, prec -20
> 10:32:51.678109 IP ws10.cambria.com.ntp > dns1.cambria.com.ntp: NTPv4 client, strat 0, poll 6, prec -20
> 10:32:51.678483 IP dns1.cambria.com.ntp > ws10.cambria.com.ntp: NTPv4 server, strat 2, poll 6, prec -20
> 10:32:53.678094 IP ws10.cambria.com.ntp > dns1.cambria.com.ntp: NTPv4 client, strat 0, poll 6, prec -20
> 10:32:53.678434 IP dns1.cambria.com.ntp > ws10.cambria.com.ntp: NTPv4 server, strat 2, poll 6, prec -20
> 10:32:55.678096 IP ws10.cambria.com.ntp > dns1.cambria.com.ntp: NTPv4 client, strat 0, poll 6, prec -20
> 10:32:55.678457 IP dns1.cambria.com.ntp > ws10.cambria.com.ntp: NTPv4 server, strat 2, poll 6, prec -20
> 10:32:57.678153 IP ws10.cambria.com.ntp > dns1.cambria.com.ntp: NTPv4 client, strat 0, poll 6, prec -20
> 10:32:57.678499 IP dns1.cambria.com.ntp > ws10.cambria.com.ntp: NTPv4 server, strat 2, poll 6, prec -20
> 10:32:59.678122 IP ws10.cambria.com.ntp > dns1.cambria.com.ntp: NTPv4 client, strat 0, poll 6, prec -20
> 10:32:59.678483 IP dns1.cambria.com.ntp > ws10.cambria.com.ntp: NTPv4 server, strat 2, poll 6, prec -20
> 10:33:01.678097 IP ws10.cambria.com.ntp > dns1.cambria.com.ntp: NTPv4 client, strat 0, poll 6, prec -20
> 10:33:01.678461 IP dns1.cambria.com.ntp > ws10.cambria.com.ntp: NTPv4 server, strat 2, poll 6, prec -20
> 10:33:03.678125 IP ws10.cambria.com.ntp > dns1.cambria.com.ntp: NTPv4 client, strat 0, poll 6, prec -20
> 10:33:03.678488 IP dns1.cambria.com.ntp > ws10.cambria.com.ntp: NTPv4 server, strat 2, poll 6, prec -20
> 
> 
>>Can you run the programs with the "-d" option, so that we can see some more 
>>debugging output, to get a better idea of what's really going on?
> 
> 
> # ntpdate -d 65.200.108.234
>  8 Sep 10:36:01 ntpdate[20438]: ntpdate 4.2.0a at 1.1196-r Tue Sep  6 04:54:01 PDT 2005 (1)
> Looking for host 65.200.108.234 and service ntp
> host found : dns1.cambria.com
> transmit(65.200.108.234)
> receive(65.200.108.234)
> transmit(65.200.108.234)
> receive(65.200.108.234)
> transmit(65.200.108.234)
> receive(65.200.108.234)
> transmit(65.200.108.234)
> receive(65.200.108.234)
> transmit(65.200.108.234)
> server 65.200.108.234, port 123
> stratum 2, precision -20, leap 00, trust 000
> refid [65.200.108.234], delay 0.02596, dispersion 0.00000
> transmitted 4, in filter 4
> reference time:    c6caf400.3f6f5caf  Thu, Sep  8 2005 10:31:44.247
> originate timestamp: c6caf503.4774256b  Thu, Sep  8 2005 10:36:03.279
> transmit timestamp:  c6caf501.cf47b677  Thu, Sep  8 2005 10:36:01.809
> filter delay:  0.02605  0.02603  0.02596  0.02596
>         0.00000  0.00000  0.00000  0.00000
> filter offset: 1.469256 1.469245 1.469241 1.469242
>         0.000000 0.000000 0.000000 0.000000
> delay 0.02596, dispersion 0.00000
> offset 1.469241
> 
> 8 Sep 10:36:01 ntpdate[20438]: step time server 65.200.108.234 offset 1.469241 sec
> 
> 
> 
>>	When running ntpdate, have you made sure that you don't already 
>>have a copy of ntpd running?
> 
> 
> Yes - ntpdate -b won't run if ntpd is running...
> 
> # ntpd
> 
> # ntpdate -b 65.200.108.234
> 8 Sep 10:38:10 ntpdate[20443]: the NTP socket is in use, exiting
> 
> # killall ntpd
> 
> # ntpdate -b 65.200.108.234
> 8 Sep 10:38:28 ntpdate[20446]: no server suitable for synchronization found
> 
> 
>>	Speaking of which, have you looked in your log files to see if 
>>there are any entries from ntpdate or ntpd that are complaining about 
>>being unable to set the clock?
> 
> 
> Only this...
> 
> Sep  8 10:33:05 sniffy ntpd[20431]: no reply; clock not set
> 
> Although according to tcpdump, it looks like there is a reply from the server.  But for some reason the client finds the reply unacceptable with -b, although the response looks perfectly sane with -q.
> 
> 
>>If not, are you sure you've got your 
>>/etc/syslog.conf file set up correctly so that you would see these 
>>complaints if they were being logged?
> 
> 
> I'm pretty sure this is okay, as ntp log information is showing up in /var/log/messages
> 
> 
> 
> Greg
> 
> 
> _______________________________________________
> questions mailing list
> questions at lists.ntp.isc.org
> https://lists.ntp.isc.org/mailman/listinfo/questions
> 
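
An added example (my own, not code from anyone in this thread) of what to look for in the `iptables -L -v` listing suggested at the top of this message: it walks the INPUT chain in first-match order for an incoming UDP datagram and reports which rule (or the chain policy) decides its fate. The sample listing is constructed; it models a blanket "drop incoming privileged ports" rule placed ahead of the NTP accept, which blocks the port-123 reply that ntpd and `ntpdate -b` need while leaving the unprivileged source port used by `ntpdate -q`/`-u` untouched, exactly the asymmetry Greg observed even though tcpdump shows both replies arriving.

```python
import re

# Constructed sample of `iptables -L -v -n` output (not from the thread above): a blanket
# "drop incoming privileged UDP ports" rule sits before the NTP accept, which is the
# situation the reply describes: tcpdump still shows the reply, ntpd never receives it.
SAMPLE_IPTABLES = """\
Chain INPUT (policy ACCEPT 1234 packets, 567K bytes)
 pkts bytes target     prot opt in     out     source               destination
  812 61234 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   42  3360 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:0:1023
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:123
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+)")
# columns: pkts bytes target prot opt in out source destination [match options]
RULE_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+\S+\s+(\S+)\s+\S+\s+\S+\s+\S+(.*)$")


def rule_covers_port(extra, port):
    """True if the rule's destination-port match (dpt:N or dpts:A:B) includes port;
    a rule with no port qualifier applies to every port of its protocol."""
    m = re.search(r"dpts?:(\d+)(?::(\d+))?", extra)
    if not m:
        return True
    lo = int(m.group(1))
    hi = int(m.group(2)) if m.group(2) else lo
    return lo <= port <= hi


def verdict_for_udp_port(listing, port, iface="eth0", chain="INPUT"):
    """Walk the chain in first-match order for an incoming UDP datagram to `port`
    on `iface`. Returns (target, pkts); pkts is None when the chain policy applies."""
    in_chain, policy = False, None
    for line in listing.splitlines():
        hdr = CHAIN_RE.match(line)
        if hdr:
            in_chain = hdr.group(1) == chain
            policy = hdr.group(2) if in_chain else policy
            continue
        m = RULE_RE.match(line) if in_chain else None
        if not m:
            continue
        pkts, _bytes, target, prot, in_if, extra = m.groups()
        if prot not in ("udp", "all", "0") or in_if not in ("*", iface):
            continue  # other protocol, or bound to a different interface
        if rule_covers_port(extra, port):
            return target, int(pkts)  # first match wins, as in the kernel
    return policy, None
```

A non-zero packet counter on the matching DROP rule is the confirmation tcpdump cannot give you, since it captures before the filter runs.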