[ntp:questions] Re: Newbie question - ntpd not answering requests

Richard B. Gilbert rgilbert88 at comcast.net
Wed Oct 20 22:06:51 UTC 2004


Laura wrote:

>Hello,
>
>I'm running NTP 4.2.0-r2 from ntp.org on a Gentoo linux box. My
>ntp.conf file is as follows:
>
>----------------------------------
>
>server pool.ntp.org
>
>driftfile       /var/lib/ntp/ntp.drift
>
>restrict 127.0.0.1
>restrict pool.ntp.org nomodify notrap noquery
>restrict 10.0.0.0 mask 255.0.0.0 notrust nomodify notrap
>
>----------------------------------
>
>My server is syncing time with the pool.ntp.org server, but it won't
>answer ntp requests from my internal 10.0.0.0/8 network. My ntp server
>is directly connected to the 10.0.0.0/8 network, and there is no
>firewall in between. When I run ntpd in debug mode, I show the ntp
>requests being received but the server does not respond to them. Any
>ideas? Am I missing something in my configuration file?
>
>Thanks so much!
>
>-Laura
>  
>
Hi Laura,

It's not causing your current problem but I believe that:

restrict 10.0.0.0 mask 255.0.0.0 notrust nomodify notrap

is incorrect!

You have opened your server to everybody on the 10.*.*.* network.   I 
believe that the /8 means that only the last octet of the address is the 
local network so:

restrict 10.0.0.0 mask 255.255.255.0 notrust nomodify notrap

is probably what you meant to do.  If you really meant to allow all 2^24 
addresses on the 10 net to access your server, sorry about that.

Your problem is almost certainly your restrict statements.   Lose them 
all and things should start to work. 

Then, since you probably don't want to serve time to the whole world or 
have random people dinking with your server, you need to put the 
restrict statements back.

Try:
restrict default ignore   # Ignore everyone by default
restrict  127.0.0.1       # Allow local host to do anything
restrict pool.ntp.org  nomodify notrap noquery
restrict 10.0.0.0 mask 255.255.255.0   # Allow anything from your local network

You can restore the notrust, nomodify and notrap in the last statement 
one at a time and see which one(s) is/are causing the problem.  I think 
that notrust is the likeliest cause of your problem but testing will 
prove or disprove that rather quickly.
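
Added example, not part of the original message: a small Python model of which addresses the restrict lines quoted in this thread cover and which flags each client ends up with. It assumes ntpd applies the most specific matching entry and always holds an implicit default entry with no flags; the function names and client addresses are constructed, and hostname entries such as pool.ntp.org are skipped because resolving them needs DNS.

```python
import ipaddress

# Configs from the thread; hostname lines are skipped by the parser below.
ORIGINAL = """
restrict 127.0.0.1
restrict pool.ntp.org nomodify notrap noquery
restrict 10.0.0.0 mask 255.0.0.0 notrust nomodify notrap
"""
SUGGESTED = """
restrict default ignore
restrict 127.0.0.1
restrict pool.ntp.org nomodify notrap noquery
restrict 10.0.0.0 mask 255.255.255.0
"""

def parse_restrict(conf):
    """Map each numeric restrict entry to its flag set."""
    # Assumption: ntpd always holds a default entry with no flags set.
    entries = {ipaddress.ip_network("0.0.0.0/0"): frozenset()}
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        addr, rest, mask = tok[1], tok[2:], "255.255.255.255"
        if rest[:1] == ["mask"] and len(rest) >= 2:
            mask, rest = rest[1], rest[2:]
        try:
            net = (ipaddress.ip_network("0.0.0.0/0") if addr == "default"
                   else ipaddress.ip_network(f"{addr}/{mask}"))
        except ValueError:
            continue  # hostname entry (needs DNS): out of scope here
        entries[net] = frozenset(rest)
    return entries

def effective_flags(conf, client):
    """Flags of the most specific entry covering client (assumed ntpd rule)."""
    ip = ipaddress.ip_address(client)
    entries = parse_restrict(conf)
    best = max((n for n in entries if ip in n), key=lambda n: n.prefixlen)
    return entries[best]

if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        for client in ("127.0.0.1", "10.0.0.5", "10.1.2.3", "192.0.2.10"):
            print(name, client, sorted(effective_flags(conf, client)) or "no flags")
```

An empty flag set means no restriction applies to that client, so the output shows at a glance which sources a given set of restrict lines leaves unrestricted.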





