[ntp:questions] Re: Connect problem 4.1.2-4 redhat server
Steve Kostecke
kostecke at ntp.isc.org
Tue Aug 16 04:33:51 UTC 2005
On 2005-08-15, t_pascal at my-deja.com <t_pascal at my-deja.com> wrote:
> >Please see http://ntp.isc.org/Support/AccessRestrictions for information
> >about how to control access to your ntpd.
>
> This was a good resource, and I was hopeful it would fix a strange
> problem I have.
>
> Server: RedHat ES3, ntp 4.1.2-4, address 192.168.100.a
> Per the suggestion in the document, I tried this "restrict 192.168.0.0
> mask 255.255.0.0 nomodify"

Why do you feel that you need this restriction?

> Client1: RedHat 7.3 kernel 2.4.30, ntp 4.1.1-2 address 192.168.100.b
> Client2: RedHat ES3, ntp 4.1.2-4, address 192.168.101.c
> Client3: RedHat 7.3 kernel 2.4.30, ntp 4.1.1-2 address 192.168.101.d
>
> Server connects to external (internet) servers and synchs well via
> firewall.
> Client1 connects to Server perfectly and syncs well, with or without
> "notrust" option.

The meaning of "notrust" has changed. Please see
http://ntp.isc.org/bin/view/Support/AccessRestrictions#Section_6.4.3.1.

> Client2 cannot connect to Server at all, tried every number of options
> and settings. NOT A ROUTING or FIREWALL ISSUE, believe me. Packets
> are received on Server, but nothing happens.
> Client3 can sync the time with ntpdate, but not with ntpd. This is
> some further proof that there is no routing or firewall issue, but
> makes the problem extremely strange.
>
> Sorry to self-followup, but I reversed Client2 and Client3. Basically,
> the two versions cooperate fully on the same subnet. The 4.1.2 server
> will reply to a 4.1.2 client via ntpdate ONLY (across a different
> subnet). The 4.1.1 clients are totally ignored across subnets (but
> work fine on the same subnet as noted).

It is possible that ntpdate is being invoked with '-u', for "use an
unprivileged source port". That would explain why ntpdate works even
though port 123/UDP is not completely open between the two sub-nets.

>> Any help, other than the version numbers? I am using standard RedHat issued
>> software for the ES servers, but I suppose I can downgrade to 4.1.1 (if
>> that will help?) Or do I upgrade? Note that upgrading to 4.1.2-4 on
>> the 7.3 servers would break them. :(
>>
> I wasn't clear enough here. Downgrading my clients to 4.1.1 would only
> work on the same subnet. Upgrading clients to 4.1.2 on different
> subnets only gets a reply to ntpdate and would prefer to use ntpd to
> discipline the clocks.

It would be helpful to see the ntp.conf files for all 4 systems.

--
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/
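
One way to check the source-port explanation given in the reply above, as an added example that is not part of the original post: summarize a packet capture by client and source-port class, and flag clients whose queries from port 123 go unanswered while queries from an unprivileged port get replies. The tcpdump-style line format, the host octets and the function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style lines as seen on the client subnet. Host octets are
# made up for the example; the thread does not give them.
SERVER = "192.168.100.10"
SAMPLE = """\
12:00:01.000000 IP 192.168.101.20.123 > 192.168.100.10.123: NTPv4, Client, length 48
12:00:17.000000 IP 192.168.101.20.123 > 192.168.100.10.123: NTPv4, Client, length 48
12:01:05.000000 IP 192.168.101.20.40123 > 192.168.100.10.123: NTPv4, Client, length 48
12:01:05.000400 IP 192.168.100.10.123 > 192.168.101.20.40123: NTPv4, Server, length 48
12:02:00.000000 IP 192.168.100.11.123 > 192.168.100.10.123: NTPv4, Client, length 48
12:02:00.000300 IP 192.168.100.10.123 > 192.168.100.11.123: NTPv4, Server, length 48
"""

# src.port > dst.port: NTPvN, Client|Server
LINE = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): NTPv\d+, (Client|Server)"
)

def port_class(port):
    """Port 123 is privileged; 'ntpdate -u' sends from an unprivileged port."""
    return "privileged" if port < 1024 else "unprivileged"

def summarize(capture, server=SERVER):
    """Count requests to and replies from `server` per (client, port class)."""
    stats = defaultdict(lambda: {"requests": 0, "replies": 0})
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an NTP line in the assumed format
        src, sport, dst, dport, mode = m.groups()
        if mode == "Client" and dst == server:
            stats[(src, port_class(int(sport)))]["requests"] += 1
        elif mode == "Server" and src == server:
            stats[(dst, port_class(int(dport)))]["replies"] += 1
    return dict(stats)

def port123_suspects(capture, server=SERVER):
    """Clients answered only when they query from an unprivileged source port."""
    stats = summarize(capture, server)
    suspects = []
    for (client, cls), s in stats.items():
        if cls != "privileged" or s["replies"] > 0:
            continue  # only unanswered queries sent from a privileged port matter
        unpriv = stats.get((client, "unprivileged"), {"replies": 0})
        if unpriv["replies"] > 0:
            suspects.append(client)
    return sorted(suspects)
```

Running the same summary over captures taken on both subnets shows whether the replies to port 123 are never sent or are dropped on the way back.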