[ntp:questions] ntpd sets system time, won't serve it to others
J.D. Baldwin
INVALID_SEE_SIG at example.com.invalid
Fri Feb 3 05:46:20 UTC 2012
I have a new CentOS server on which I installed ntp. Yes, I opened up
iptables to both tcp and udp port 123. It works great to get / keep
the system itself synced with correct time, but when others query it,
it fails. Ideas appreciated.
On CentOS host "chumley":
# cat /etc/ntp.conf
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 10.1.1.0 mask 255.255.255.0
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org
statistics clockstats cryptostats loopstats peerstats
# ntpq -pcrv
assID=0 status=c011 sync_alarm, sync_unspec, 1 event, event_restart,
version="ntpd 4.2.4p8 at 1.1612-o Tue Nov 29 00:09:12 UTC 2011 (1)",
processor="x86_64", system="Linux/2.6.32-220.4.1.el6.x86_64", leap=11,
stratum=16, precision=-22, rootdelay=0.000, rootdispersion=1.335,
peer=0, refid=INIT,
reftime=00000000.00000000 Thu, Feb 7 2036 1:28:16.000, poll=6,
clock=d2d5f197.fa558709 Fri, Feb 3 2012 0:39:35.977, state=0,
offset=0.000, frequency=0.000, jitter=0.000, noise=0.000,
stability=0.000, tai=0
remote refid st t when poll reach delay offset jitter
==============================================================================
clock.team-cymr 172.16.65.22 2 u 24 64 3 47.440 184.516 14.422
pool-test.ntp.o 127.67.113.92 2 u 25 64 3 94.360 181.398 11.742
barricade.rack9 209.51.161.238 2 u 23 64 3 43.671 185.172 12.250
Query from Solaris host:
$ ntpdate -q chumley
server 10.1.1.18, stratum 16, offset -0.168184, delay 0.02646
3 Feb 00:38:08 ntpdate[4110]: no server suitable for synchronization found
Here's what happens when I run ntpd -ddd on chumley and do the same query:
peer 216.129.110.22 event 'event_reach' (0x84) status 'unreach, conf, 1 event, event_reach' (0x8014)
poll_update: at 3 216.129.110.22 flags 0001 poll 6 burst 0 last 3 next 69
clock_filter: n 1 off 0.012866 del 0.064307 dsp 7.937502 jit 0.000000, age 0
main: scheduled event in 62.934454
main: elapsed 0.840788
read_network_packet: fd=21 length 48 from 01010107 10.1.1.7
receive: at 3 10.1.1.18<-10.1.1.7 flags 19 restrict 000
receive: at 3 10.1.1.18<-10.1.1.7 mode 3 code 3 auth 0
sendpkt(fd=21 dst=10.1.1.7, src=10.1.1.18, ttl=0, len=48)
transmit: at 3 10.1.1.18->10.1.1.7 mode 4
main: scheduled event in 0.159085
main: elapsed 0.841887
read_network_packet: fd=21 length 48 from 01010107 10.1.1.7
receive: at 3 10.1.1.18<-10.1.1.7 flags 19 restrict 000
receive: at 3 10.1.1.18<-10.1.1.7 mode 3 code 3 auth 0
sendpkt(fd=21 dst=10.1.1.7, src=10.1.1.18, ttl=0, len=48)
transmit: at 3 10.1.1.18->10.1.1.7 mode 4
main: scheduled event in 0.158029
main: elapsed 0.842952
read_network_packet: fd=21 length 48 from 01010107 10.1.1.7
receive: at 3 10.1.1.18<-10.1.1.7 flags 19 restrict 000
receive: at 3 10.1.1.18<-10.1.1.7 mode 3 code 3 auth 0
sendpkt(fd=21 dst=10.1.1.7, src=10.1.1.18, ttl=0, len=48)
transmit: at 3 10.1.1.18->10.1.1.7 mode 4
main: scheduled event in 0.156965
main: elapsed 0.844032
read_network_packet: fd=21 length 48 from 01010107 10.1.1.7
receive: at 3 10.1.1.18<-10.1.1.7 flags 19 restrict 000
receive: at 3 10.1.1.18<-10.1.1.7 mode 3 code 3 auth 0
sendpkt(fd=21 dst=10.1.1.7, src=10.1.1.18, ttl=0, len=48)
transmit: at 3 10.1.1.18->10.1.1.7 mode 4
main: scheduled event in 0.155886
main: elapsed 1.000168
loopfilter: 1
main: scheduled event in 0.999811
main: elapsed 1.001017
loopfilter: 1
main: scheduled event in 60.998953
tcpdump confirms bidirectional traffic during the queries.
I am at a loss to understand why this simple thing is not working. I
would be appreciative of any suggestions.
--
_+_ From the catapult of |If anyone objects to any statement I make, I am
_|70|___:)=}- J.D. Baldwin |quite prepared not only to retract it, but also
\ / baldwin at panix.com|to deny under oath that I ever made it.-T. Lehrer
***~~~~----------------------------------------------------------------------
More information about the questions
mailing list