[ntp:questions] Re: cant connect to ntp server

Steve Kostecke kostecke at ntp.isc.org
Thu Jun 9 17:42:31 UTC 2005

On 2005-06-08, Sachin Prasad <sprasad at cardcommerce.com> wrote:

> 1) I need help. Don't know what to do next. The ntp server does
>not connect to any servers. I modified the checkpoint firewall to
>allow both tcp and udp port 123 for my machine. I then configured the
>ntp.conf file

Assuming that you have included all of your ntp.conf, I've omitted the
comments for legibility...

> driftfile /etc/ntp/drift
> logfile /var/log/ntpd.conf
> restrict
> restrict mask notrust nomodify notrap

Your restrict statements make no sense as you've not specified
(or perhaps you just omitted it) a default restriction. Take another
look at your ntp.conf and see if there is a 'restrict default ignore'
line any where.

Please see http://ntp.isc.org/Support/AccessRestrictions for information
about setting your ntpd access restrictions. In particular, see the
section about the change of meaning for 'notrust'.

You should append 'iburst' to your server lines for faster initial

> server time.nist.gov
> server clock.via.net

These two time servers are stratum-1 time servers. According to the
Rules of Engagement (http://ntp.isc.org/Servers/RulesOfEngagement) you
should not be using stratum-1 time servers unless you're supporting a
sizable population of other servers and clients on the order of 100 or

> server
> server clock.isc.org
> server clock.redhat.com
> #server     # local clock
> fudge stratum 10

If you're not using the LocalCLK go ahead and comment out its fudge

You don't need the following lines unless you are using broadcast
associations and/or symmetric keys for authentication:

> broadcastdelay  0.008
> authenticate yes
> keys            /etc/ntp/keys

Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/

More information about the questions mailing list