[ntp:questions] Re: Newbie question - ntpd not answering requests
Richard B. Gilbert
rgilbert88 at comcast.net
Wed Oct 20 22:06:51 UTC 2004
>I'm running NTP 4.2.0-r2 from ntp.org on a Gentoo linux box. My
>ntp.conf file is as follows:
>
>restrict pool.ntp.org nomodify notrap noquery
>restrict 10.0.0.0 mask 255.0.0.0 notrust nomodify notrap
>
>My server is syncing time with the pool.ntp.org server, but it won't
>answer ntp requests from my internal 10.0.0.0/8 network. My ntp server
>is directly connected to the 10.0.0.0/8 network, and there is no
>firewall in between. When I run ntpd in debug mode, I show the ntp
>requests being received but the server does not respond to them. Any
>ideas? Am I missing something in my configuration file?
>Thanks so much!

It's not causing your current problem but I believe that:

    restrict 10.0.0.0 mask 255.0.0.0 notrust nomodify notrap

You have opened your server to everybody on the 10.*.*.* network. I
believe that the /8 means that only the last octet of the address is the
local network so:

    restrict 10.0.0.0 mask 255.255.255.0 notrust nomodify notrap

is probably what you meant to do. If you really meant to allow all 2^24
addresses on the 10 net to access your server, sorry about that.

Your problem is almost certainly your restrict statements. Lose them
all and things should start to work.

Then, since you probably don't want to serve time to the whole world or
have random people dinking with your server, you need to put the
restrict statements back.

    restrict default ignore # Ignore everyone by default
    restrict 127.0.0.1 # Allow local host to do anything
    restrict pool.ntp.org nomodify notrap noquery
    restrict 10.0.0.0 mask 255.255.255.0 # Allow anything from your local

You can restore the notrust, nomodify and notrap in the last statement
one at a time and see which one(s) is/are causing the problem. I think
that notrust is the likeliest cause of your problem but testing will
prove or disprove that rather quickly.
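
Added example (not part of the original post and not ntpd's own code): a simplified Python model of how ntpd selects the restrict entry for a client address, run on the restrict lines from the question and from the reply. Assumptions: entries are sorted by address and then mask with the last match deciding the flags, hostname entries are skipped, and notrust is modelled as "drop unless the packet is authenticated" as documented for ntpd 4.2; all function names are hypothetical.

```python
import ipaddress

# restrict lines copied from the question and from the reply (comments dropped)
ORIGINAL = """\
restrict pool.ntp.org nomodify notrap noquery
restrict 10.0.0.0 mask 255.0.0.0 notrust nomodify notrap
"""
SUGGESTED = """\
restrict default ignore
restrict 127.0.0.1
restrict pool.ntp.org nomodify notrap noquery
restrict 10.0.0.0 mask 255.255.255.0
"""

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_restrict(conf):
    """Return sorted (address, mask, flags) tuples for literal IPv4 entries."""
    entries = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        if tok[1] == "default":
            addr, mask, rest = 0, 0, tok[2:]
        else:
            try:
                addr, mask, rest = ip_int(tok[1]), 0xFFFFFFFF, tok[2:]
            except ValueError:
                continue  # hostname entry: resolved by ntpd at startup, skipped here
            if len(rest) >= 2 and rest[0] == "mask":
                mask, rest = ip_int(rest[1]), rest[2:]
        entries.append((addr & mask, mask, frozenset(rest)))
    return sorted(entries, key=lambda e: (e[0], e[1]))  # address, then mask

def serves_time(conf, client, authenticated=False):
    """Assumed model: last matching entry in sorted order sets the flags."""
    flags = frozenset()  # no matching entry means no restrictions
    for addr, mask, entry_flags in parse_restrict(conf):
        if ip_int(client) & mask == addr:
            flags = entry_flags
    if "ignore" in flags:
        return False
    return authenticated or "notrust" not in flags

def hosts_covered(mask):
    """Number of addresses a dotted-quad netmask matches."""
    return 2 ** (32 - bin(ip_int(mask)).count("1"))
```

In this model a client at 10.1.2.3 gets no answer under either configuration: the original entry matches it but carries notrust, and the reply's 255.255.255.0 mask leaves it to the default ignore entry.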