[ntp:questions] Re: "restrict" option : help
Richard B. Gilbert
rgilbert88 at comcast.net
Thu Jun 23 19:34:47 UTC 2005
Jojo wrote:
> Hi,
>
> i don't understand what's wrong, i explain :
>
> i have a ntp server serving my company.
> it's wide open to the internet and I want to restrict this.
>
> this is my ntp.conf :
>
> # deny access to all by default
> restrict default ignore
>
> # me
> restrict 127.0.0.1
>
> # me, directly connected to the internet
> restrict my.ntp.server.ip
>
> # my network
> restrict 172.16.0.0 mask 255.255.0.0 nomodify
>
> # stratum 2 server
> server ntp.johndoe.com
>
>
>
> The problem is when I use ntpq -p
> I see that ntp.johndoe.com stratum value is 16 (meaning unaccessible).
>
> Have you got tips about this issue ?
It's not clear from your message if you have done this or not!
Add
restrict <numeric IP address of ntp.johndoe.com> 255.255.255.255 nomodify.
You MUST use the numeric IP address in each restrict statement!! If
"# me, directly connected to the internet
restrict my.ntp.server.ip "
was intended to represent the actual numeric address, it was not
sufficiently clear.
More information about the questions
mailing list