[ntp:questions] Re: "restrict" option : help

Richard B. Gilbert rgilbert88 at comcast.net
Thu Jun 23 19:34:47 UTC 2005


Jojo wrote:

> Hi,
>
> i don't understand what's wrong, i explain :
>
> i have a ntp server serving my company.
> it's wide open to the internet and I want to restrict this.
>
> this is my ntp.conf :
>
> # deny access to all by default
> restrict default ignore
>
> # me
> restrict 127.0.0.1
>
> # me, directly connected to the internet
> restrict my.ntp.server.ip
>
> # my network
> restrict 172.16.0.0 mask 255.255.0.0 nomodify
>
> # stratum 2 server
> server ntp.johndoe.com
>
>
>
> The problem is when I use ntpq -p
> I see that ntp.johndoe.com stratum value is 16 (meaning unaccessible).
>
> Have you got tips about this issue ?

It's not clear from your message if you have done this or not!

Add
restrict <numeric IP address of ntp.johndoe.com> 255.255.255.255 nomodify.

You MUST use the numeric IP address in each restrict statement!!  If
"# me, directly connected to the internet
restrict my.ntp.server.ip "
was intended to represent the actual numeric address, it was not 
sufficiently clear.




More information about the questions mailing list