[ntp:questions] Re: ntpd works, ntpdq times-out ?

Richard B. Gilbert rgilbert88 at comcast.net
Fri Jan 20 01:10:42 UTC 2006


blacksburgjerome at gmail.com wrote:

>I'm running ntpd on our RedHat Linux firewall.  It seems to be working
>OK according to the logs.  Plus I can ntpq it 'remotely' from another
>machine in the LAN.
>
>[machine-b]# ntpq -p machine-a
>     remote           refid      st t when poll reach   delay   offset  jitter
>==============================================================================
>+otc1.psu.edu    .WWV.            1 u   57   64   77  111.122  -23.150   3.132
>-ntp-1.cns.vt.ed timelord.cns.vt  2 u    1   64  177   97.639    6.030   0.794
>+clock1.redhat.c .CDMA.           1 u   61   64   77   83.241   -3.625   1.347
>*clock2.redhat.c .CDMA.           1 u    -   64  177  102.931   -3.521   7.287
>
>However, when I run ntpq on the firewall it times-out!
>
>[machine-a]# ntpq -p
>127.0.0.1: timed out, nothing received
>***Request timed out
>
>ntp.conf looks like this (minus some of the other servers for brevity)
>------ BEGIN ntp.conf -----
>restrict default ignore
>restrict 192.168.0.1 mask 255.255.255.255 nomodify notrap
>restrict 127.0.0.1
>restrict 192.168.0.0 mask 255.255.255.0 notrust nomodify notrap
>
># clock.redhat.com
>restrict 66.187.233.4 mask 255.255.255.255 nomodify notrap noquery
>server 66.187.233.4
>
>fudge	127.127.1.0 stratum 10
>driftfile /etc/ntp/drift
>broadcastdelay	0.008
>authenticate no
>------ END ntp.conf -----
>
>That is annoying.  Anyone know why I can't use ntpq on the firewall?
>
>[machine-a]$ rpm -q ntp
>ntp-4.1.1-1
>[machine-a]$ rpm -q redhat-release
>redhat-release-7.2-1
>
>BTW I even tried the following 2-line ntp.conf and got the same
>results:
>server 66.187.233.4
>driftfile /etc/ntp/drift
>
>TIA
>Jerome
>
>  
>
I believe you'll find the problem here:

restrict 192.168.0.0 mask 255.255.255.0 notrust nomodify notrap

Lose that and see if it works!  If so, you might try putting it back without the "notrust".  The semantics of notrust were changed between ntpd 4.1 and 4.2 (one of those really bad ideas. . . . causes endless confusion).  The current meaning is that ntpd is supposed to require authentication.  I never used ntpd 4.1 and don't recall what notrust used to mean.
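When auditing a restrict list like the one quoted in this thread, it helps to compute which line governs a given client address. The following is an added example, not part of either post: it assumes IPv4 only and the matching rule from ntpd's access-control documentation (entries sorted by increasing address, then increasing mask; the last matching entry supplies the flags). The function names are hypothetical.

```python
import ipaddress

# restrict/server lines copied from the ntp.conf quoted in the post
NTP_CONF = """\
restrict default ignore
restrict 192.168.0.1 mask 255.255.255.255 nomodify notrap
restrict 127.0.0.1
restrict 192.168.0.0 mask 255.255.255.0 notrust nomodify notrap
restrict 66.187.233.4 mask 255.255.255.255 nomodify notrap noquery
server 66.187.233.4
"""

def parse_restricts(conf_text):
    """Return (network, mask, flags, line) tuples in ntpd's search order."""
    entries = []
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) < 2 or words[0] != "restrict":
            continue
        addr, rest = words[1], words[2:]
        if addr == "default":
            addr_i, mask_i = 0, 0
        else:
            addr_i, mask_i = int(ipaddress.IPv4Address(addr)), 0xFFFFFFFF
        if len(rest) >= 2 and rest[0] == "mask":
            mask_i, rest = int(ipaddress.IPv4Address(rest[1])), rest[2:]
        entries.append((addr_i & mask_i, mask_i, tuple(rest), raw.strip()))
    # Documented order: increasing address, then increasing mask.
    return sorted(entries, key=lambda e: (e[0], e[1]))

def effective_restrict(entries, source):
    """Return (flags, line) of the last entry matching an IPv4 source."""
    src = int(ipaddress.IPv4Address(source))
    match = ((), "(built-in default entry, no flags)")
    for network, mask, flags, text in entries:
        if src & mask == network:
            match = (flags, text)  # a later match overrides an earlier one
    return match

if __name__ == "__main__":
    table = parse_restricts(NTP_CONF)
    # Constructed sample sources: loopback, the two LAN cases, the server, an outsider.
    for src in ("127.0.0.1", "192.168.0.1", "192.168.0.5", "66.187.233.4", "10.9.9.9"):
        flags, text = effective_restrict(table, src)
        print(f"{src:15} {' '.join(flags) or '(no flags)':26} <- {text}")
```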





