[ntp:questions] NTPD not receiving any response from timservers

Per Hedeland per at hedeland.org
Mon Nov 6 21:38:37 UTC 2006


In article <1162844895.422061.160540 at k70g2000cwa.googlegroups.com>
lingsmail at gmail.com writes:
>
>I'm trying to set up NTPD on a gentoo box to serve time to my network.
>Needless to say, it's not working.

Pessimist.:-)

>It remains as a stratum 16 server, because it is not syncing.
>
>Below is lots of information on what ntp is doing, hopefully some of it
>will be useful.

[snip]

>0x201 0x1 ttl 0 key 00000000
>local_clock: time 0 base 0.000000 offset 0.000000 freq -15.882 state 1
>report_event: system event 'event_restart' (0x01) status 'sync_alarm,
>sync_unspec, 1 event, event_unspec' (0xc010)
>transmit: at 1 xxx.xxx.xxx.120->158.152.1.76 mode 3
>auth_agekeys: at 1 keys 1 expired 0
>timer: refresh ts 0
>transmit: at 2 xxx.xxx.xxx.120->81.187.65.110 mode 3
>transmit: at 3 xxx.xxx.xxx.120->213.170.141.38 mode 3
>transmit: at 3 xxx.xxx.xxx.120->158.152.1.76 mode 3
>transmit: at 4 xxx.xxx.xxx.120->81.187.65.110 mode 3
>transmit: at 5 xxx.xxx.xxx.120->213.170.141.38 mode 3
>transmit: at 5 xxx.xxx.xxx.120->158.152.1.76 mode 3
>transmit: at 6 xxx.xxx.xxx.120->81.187.65.110 mode 3
>transmit: at 7 xxx.xxx.xxx.120->213.170.141.38 mode 3
>transmit: at 7 xxx.xxx.xxx.120->158.152.1.76 mode 3
>transmit: at 8 xxx.xxx.xxx.120->81.187.65.110 mode 3
>and so on and so forth.  Occasionally keys expire.

I think that you can guess that for a normally functioning server, there
would be some number of "receive"s reported along with the "transmit"s
(ideally the numbers should be the same...) - and that would happen
regardless of whether the packets were subsequently discarded due to
"restrict" statements. I.e. your ntpd is simply not receiveing any
responses to its queries - not a ntpd problem.

>I have iptables running, and although I believe as long as established
>connections are allowed through it should need no special
>configuration, it my first port of call.  However, after flushing and
>setting its default policy to accept for everything, the results were
>no different.  I am not an iptables wizard though, so could have missed
>something.

Yes, iptables or equivalent is a primary suspect, and yes, flushing and
setting default policy to accept for everything should deal with that.
Perhaps there is some other packet filtering going on, e.g. at the
router that connects you to the Internet?

>As an aside, how do I prevent ntpd from listening on a particular
>interface?

You can't, search the group archives for lengthy discussions on the
subject. But you can use iptables to block packets coming in on
interfaces where you don't want them to come in...

--Per Hedeland
per at hedeland.org




More information about the questions mailing list