[ntp:questions] Re: Connect problem 4.1.2-4 redhat server

Richard B. Gilbert rgilbert88 at comcast.net
Tue Aug 16 17:30:44 UTC 2005


t_pascal at my-deja.com wrote:

>Steve Kostecke wrote:
>
>>On 2005-08-15, t_pascal at my-deja.com <t_pascal at my-deja.com> wrote:
>>
>>>>Please see http://ntp.isc.org/Support/AccessRestrictions for information
>>>>about how to control access to your ntpd.
>>>>
>>>This was a good resource, and I was hopeful it would fix a strange
>>>problem I have.
>>>
>>>Server:  RedHat ES3, ntp 4.1.2-4, address 192.168.100.a
>>>Per the suggestion in the document, I tried this "restrict 192.168.0.0
>>>mask 255.255.0.0 nomodify"
>>>
>>Why do you feel that you need this restriction?
>>
>I was following the suggestions of the last section of the document.  I
>even tried "restrict 192.168.0.0 mask 255.255.0.0" to allow all (the
>"restrict default ignore" is in place).  Also, see this web page (a
>little further down) on "Linux NTP clients can't connect" refers to
>Fedora Core 2, but might be a proxy for ES 3:
>
>http://www.linuxhomenetworking.com/linux-hn/ntp.htm#_Toc91350038
>
>I'm pretty sure the RedHat distributions are broken.  I'm going to find
>the latest package and see if it works.  Sorry to bother y'all with
>these minor problems.
>
>>>Client1:  RedHat 7.3 kernel 2.4.30, ntp 4.1.1-2 address 192.168.100.b
>>>Client2:  RedHat ES3, ntp 4.1.2-4, address 192.168.101.c
>>>Client3:  RedHat 7.3 kernel 2.4.30, ntp 4.1.1-2 address 192.168.101.d
>>>
>>>Server connects to external (internet) servers and synchs well via
>>>firewall.
>>>Client1 connects to Server perfectly and syncs well, with or without
>>>"notrust" option.
>>>
>>The meaning of "notrust" has changed. Please see
>>http://ntp.isc.org/bin/view/Support/AccessRestrictions#Section_6.4.3.1.
>>
>I'm using 4.1 on all systems, not 4.2.
>
>>>Sorry to self-followup, but I reversed Client2 and Client3.  Basically,
>>>the two versions cooperate fully on the same subnet.  The 4.1.2 server
>>>will reply to a 4.1.2 client via ntpdate ONLY (across a different
>>>subnet).  The 4.1.1 clients are totally ignored across subnets (but
>>>work fine on the same subnet as noted).
>>>
>>It is possible that ntpdate is being invoked with '-u', for "use an
>>unprivileged source port". That would explain why ntpdate works even
>>though port 123/UDP is not completely open between the two sub-nets.
>>
>No, I'm not using the -u option.
>
>>It would be helpful to see the ntp.conf files for all 4 systems.
>>
>I will post if I can't get 4.2 working.  They are all standard, vanilla
>conf files, the client files are exactly the same; the only difference
>is the "server" definitions and the "restrict" lines I mentioned above
>on the server.
>
Do the clients work without any restrict statements?
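
How the restrict lines quoted in this thread combine for clients on the two subnets, as an added example that is not part of the original messages. The host addresses are constructed (the thread elides the last octet), the `restrict 127.0.0.1` line is an assumed addition, and picking the most specific matching entry is an assumed simplification of ntpd's sorted restriction list.

```python
import ipaddress

# Constructed ntp.conf fragment built from the restrict lines quoted in the thread.
SAMPLE_CONF = """\
restrict default ignore
restrict 127.0.0.1
restrict 192.168.0.0 mask 255.255.0.0 nomodify
"""

def parse_restrict(conf):
    """Return [(network, flags)] for each IPv4 'restrict' line in conf."""
    entries = []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        addr, rest = tok[1], tok[2:]
        if addr == "default":
            addr, mask = "0.0.0.0", "0"
        elif len(rest) >= 2 and rest[0] == "mask":
            mask, rest = rest[1], rest[2:]
        else:
            mask = "255.255.255.255"  # no mask given: single host
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        entries.append((net, frozenset(rest)))
    return entries

def effective_entry(entries, client):
    """Pick the most specific entry covering client (assumed simplification
    of ntpd's sorted restriction list); None if nothing matches."""
    ip = ipaddress.ip_address(client)
    hits = [e for e in entries if ip in e[0]]
    return max(hits, key=lambda e: e[0].prefixlen) if hits else None

def is_served(entries, client):
    """True unless the effective entry carries the 'ignore' flag."""
    hit = effective_entry(entries, client)
    return hit is None or "ignore" not in hit[1]

if __name__ == "__main__":
    entries = parse_restrict(SAMPLE_CONF)
    # Constructed hosts: the thread elides the last octet of every address.
    for host in ("192.168.100.10", "192.168.101.20", "10.0.0.5"):
        hit = effective_entry(entries, host)
        print(host, hit[0], sorted(hit[1]), "served" if is_served(entries, host) else "ignored")
```

Both client subnets resolve to the same 192.168.0.0/16 entry, so with these lines the restriction list treats 192.168.100.x and 192.168.101.x identically.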



