[ntp:questions] ntpd sets system time, won't serve it to others

J.D. Baldwin INVALID_SEE_SIG at example.com.invalid
Fri Feb 3 05:46:20 UTC 2012



I have a new CentOS server on which I installed ntp.  Yes, I opened up
iptables to both tcp and udp port 123.  It works great to get / keep
the system itself synced with correct time, but when others query it,
it fails.  Ideas appreciated.

On CentOS host "chumley":

# cat /etc/ntp.conf
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 10.1.1.0 mask 255.255.255.0
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org
statistics clockstats cryptostats loopstats peerstats

# ntpq -pcrv
assID=0 status=c011 sync_alarm, sync_unspec, 1 event, event_restart,
version="ntpd 4.2.4p8 at 1.1612-o Tue Nov 29 00:09:12 UTC 2011 (1)",
processor="x86_64", system="Linux/2.6.32-220.4.1.el6.x86_64", leap=11,
stratum=16, precision=-22, rootdelay=0.000, rootdispersion=1.335,
peer=0, refid=INIT,
reftime=00000000.00000000  Thu, Feb  7 2036  1:28:16.000, poll=6,
clock=d2d5f197.fa558709  Fri, Feb  3 2012  0:39:35.977, state=0,
offset=0.000, frequency=0.000, jitter=0.000, noise=0.000,
stability=0.000, tai=0
remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
clock.team-cymr 172.16.65.22     2 u   24   64    3   47.440  184.516  14.422
pool-test.ntp.o 127.67.113.92    2 u   25   64    3   94.360  181.398  11.742
barricade.rack9 209.51.161.238   2 u   23   64    3   43.671  185.172  12.250

Query from Solaris host:

$ ntpdate -q chumley
server 10.1.1.18, stratum 16, offset -0.168184, delay 0.02646
 3 Feb 00:38:08 ntpdate[4110]: no server suitable for synchronization found

Here's what happens when I run ntpd -ddd on chumley and do the same query:

peer 216.129.110.22 event 'event_reach' (0x84) status 'unreach, conf, 1 event, event_reach' (0x8014)
poll_update: at 3 216.129.110.22 flags 0001 poll 6 burst 0 last 3 next 69
clock_filter: n 1 off 0.012866 del 0.064307 dsp 7.937502 jit 0.000000, age 0
main: scheduled event in 62.934454
main: elapsed 0.840788
read_network_packet: fd=21 length 48 from 01010107 10.1.1.7
receive: at 3 10.1.1.18<-10.1.1.7 flags 19 restrict 000
receive: at 3 10.1.1.18<-10.1.1.7 mode 3 code 3 auth 0
sendpkt(fd=21 dst=10.1.1.7, src=10.1.1.18, ttl=0, len=48)
transmit: at 3 10.1.1.18->10.1.1.7 mode 4
main: scheduled event in 0.159085
main: elapsed 0.841887
read_network_packet: fd=21 length 48 from 01010107 10.1.1.7
receive: at 3 10.1.1.18<-10.1.1.7 flags 19 restrict 000
receive: at 3 10.1.1.18<-10.1.1.7 mode 3 code 3 auth 0
sendpkt(fd=21 dst=10.1.1.7, src=10.1.1.18, ttl=0, len=48)
transmit: at 3 10.1.1.18->10.1.1.7 mode 4
main: scheduled event in 0.158029
main: elapsed 0.842952
read_network_packet: fd=21 length 48 from 01010107 10.1.1.7
receive: at 3 10.1.1.18<-10.1.1.7 flags 19 restrict 000
receive: at 3 10.1.1.18<-10.1.1.7 mode 3 code 3 auth 0
sendpkt(fd=21 dst=10.1.1.7, src=10.1.1.18, ttl=0, len=48)
transmit: at 3 10.1.1.18->10.1.1.7 mode 4
main: scheduled event in 0.156965
main: elapsed 0.844032
read_network_packet: fd=21 length 48 from 01010107 10.1.1.7
receive: at 3 10.1.1.18<-10.1.1.7 flags 19 restrict 000
receive: at 3 10.1.1.18<-10.1.1.7 mode 3 code 3 auth 0
sendpkt(fd=21 dst=10.1.1.7, src=10.1.1.18, ttl=0, len=48)
transmit: at 3 10.1.1.18->10.1.1.7 mode 4
main: scheduled event in 0.155886
main: elapsed 1.000168
loopfilter: 1
main: scheduled event in 0.999811
main: elapsed 1.001017
loopfilter: 1
main: scheduled event in 60.998953

tcpdump confirms bidirectional traffic during the queries.

I am at a loss to understand why this simple thing is not working.  I
would be appreciative of any suggestions.
-- 
  _+_ From the catapult of |If anyone objects to any statement I make, I am
_|70|___:)=}- J.D. Baldwin |quite prepared not only to retract it, but also
\      /  baldwin at panix.com|to deny under oath that I ever made it.-T. Lehrer
***~~~~----------------------------------------------------------------------
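
An added example, not part of the original post: a Python decoder for the 48-byte NTP reply header that applies simplified client-side sanity checks to a reply carrying the values shown in the ntpq output above (leap=11, stratum=16, refid=INIT). The sample packet is constructed, and the function names and the list of checks are assumptions modelled on common SNTP client rules, not ntpdate's own code.

```python
import struct

def build_sample_reply():
    """Constructed reply modelled on the post: leap=11, poll=6, precision=-22,
    refid=INIT, reftime=0. Version 4 and all timestamps are assumed values."""
    first = (0b11 << 6) | (4 << 3) | 4           # LI=3, VN=4 (assumed), mode 4
    head = struct.pack("!BBbbII4s", first, 0, 6, -22, 0, 0, b"INIT")
    reftime = struct.pack("!II", 0, 0)
    origin = struct.pack("!II", 0xD2D5F197, 0x00000000)    # constructed
    receive = struct.pack("!II", 0xD2D5F197, 0xFA558709)   # constructed
    transmit = struct.pack("!II", 0xD2D5F197, 0xFA560000)  # constructed
    return head + reftime + origin + receive + transmit

def parse_reply(pkt):
    """Decode the header fields a client looks at before trusting a reply."""
    if len(pkt) < 48:
        raise ValueError("NTP header is 48 bytes, got %d" % len(pkt))
    first, stratum, poll, precision, _rdelay, _rdisp, refid = struct.unpack(
        "!BBbbII4s", pkt[:16])
    return {
        "leap": first >> 6, "version": (first >> 3) & 7, "mode": first & 7,
        # An unsynchronized server (stratum 16) sends 0 on the wire.
        "stratum": 16 if stratum == 0 else stratum,
        "poll": poll, "precision": precision,
        # refid is ASCII for wire stratum 0/1, otherwise an IPv4 address.
        "refid": (refid.decode("ascii", "replace") if stratum <= 1
                  else ".".join(map(str, refid))),
        "reftime_zero": pkt[16:24] == bytes(8),
        "transmit_zero": pkt[40:48] == bytes(8),
    }

def rejection_reasons(fields):
    """Simplified checks (an assumption, see lead-in); empty list = usable."""
    reasons = []
    if fields["mode"] != 4:
        reasons.append("mode %d is not a server reply" % fields["mode"])
    if fields["leap"] == 3:
        reasons.append("leap=11: server clock not synchronized")
    if fields["stratum"] >= 16:
        reasons.append("stratum 16: server has no synchronization source")
    if fields["transmit_zero"]:
        reasons.append("transmit timestamp is zero")
    return reasons

if __name__ == "__main__":
    decoded = parse_reply(build_sample_reply())
    print(decoded)
    print(rejection_reasons(decoded) or "reply is usable")
```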


