[ntp:questions] Re: I'm missing something about restrict

Richard B. Gilbert rgilbert88 at comcast.net
Sat May 28 22:36:01 UTC 2005


Scott Becker wrote:

> I've got a working time server for my building.
> I'm trying to use it to sync my other servers instead of them bugging 
> the public servers.
> I'm trying to specify them with the restrict line but still get denied.
>
> Here's my config file:
> # default config (with RHEL)
> restrict default nomodify notrap noquery
> restrict 127.0.0.1
>
> # my subnet - timeservice works from this
> restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap
>
> # my host outside my subnet - it gets 'unreachable'
> restrict 66.235.70.240 nomodify notrap
> # I added this but it didn't help
> server 66.235.70.240
>
> # the servers I'm syncing from
> server clock.via.net
> server bigben.ucsd.edu
>
> # rest of the default config
> server  127.127.1.0     # local clock
> fudge   127.127.1.0 stratum 10
>
> driftfile /var/lib/ntp/drift
> broadcastdelay  0.008
>
> keys            /etc/ntp/keys
>
>
>
> I've read all I can about the restrict command and as far as I can 
> tell this should work but it don't.
>
>    Thanks
>    scottb
>
This may be too obvious but... Does it work without any restrict 
statements? There are reasons for a server becoming unreachable that 
have nothing to do with restrict statements.

Does it work if you comment out your restrict default ignore?  If it 
works without that but with all your other restrict statements, one or 
more of your remaining restrict statements is too restrictive.

It's also helpful to mention what version of ntpd you are running; the 
semantics of the restrict statement changed between two recent versions; 
I believe it was between 4.1 and 4.2 but I can't swear to it.
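
The following is an added example, not part of the original post or of ntpd itself: a small model of which `restrict` entry applies to a given source address for the configuration quoted above. It assumes the matching rule described in the ntpd access-control documentation (entries sorted by address, then mask; the last matching entry supplies the flags), handles IPv4 only, and uses hypothetical function names; since the semantics differ between versions, check it against the documentation for the version you run.

```python
import ipaddress

# The restrict lines from the configuration quoted above.
CONFIG = """\
restrict default nomodify notrap noquery
restrict 127.0.0.1
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap
restrict 66.235.70.240 nomodify notrap
"""

def parse_restrict(text):
    """Return (address, mask, flags) tuples, sorted the way the list is searched."""
    entries = []
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if not tokens or tokens[0] != "restrict":
            continue
        tokens = tokens[1:]
        if tokens[0] == "default":
            addr, mask = 0, 0                      # 0.0.0.0 mask 0.0.0.0
        else:
            # Assumed: an entry without "mask" is a single host (255.255.255.255).
            addr, mask = int(ipaddress.IPv4Address(tokens[0])), 0xFFFFFFFF
        tokens = tokens[1:]
        if tokens[:1] == ["mask"]:
            mask = int(ipaddress.IPv4Address(tokens[1]))
            tokens = tokens[2:]
        entries.append((addr, mask, frozenset(tokens)))
    # Assumed ordering: increasing address, then increasing mask.
    return sorted(entries, key=lambda e: (e[0], e[1]))

def match_entry(entries, source):
    """Return the last entry in sorted order whose masked address equals the masked source."""
    src = int(ipaddress.IPv4Address(source))
    matched = None
    for addr, mask, flags in entries:
        if src & mask == addr & mask:
            matched = (addr, mask, flags)
    return matched

def describe(entries, source):
    addr, mask, flags = match_entry(entries, source)
    rule = f"{ipaddress.IPv4Address(addr)} mask {ipaddress.IPv4Address(mask)}"
    return f"{source}: matched {rule}, flags: {' '.join(sorted(flags)) or '(none)'}"

if __name__ == "__main__":
    entries = parse_restrict(CONFIG)
    # Constructed sample sources: loopback, a subnet host, the outside host, a stranger.
    for src in ("127.0.0.1", "192.168.0.17", "66.235.70.240", "203.0.113.5"):
        print(describe(entries, src))
```

Under this model the outside host 66.235.70.240 resolves to its own host entry (`nomodify notrap`) rather than to the default entry, and an address with no specific entry falls through to the default flags.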



