[ntp:questions] Re: I'm missing something about restrict
Richard B. Gilbert
rgilbert88 at comcast.net
Sat May 28 22:36:01 UTC 2005
Scott Becker wrote:
> I've got a working time server for my building.
> I'm trying to use it to sync my other servers instead of them bugging
> the public servers.
> I'm trying to specify them with the restrict line but still get denied.
> Here's my config file:
> # default config (with RHEL)
> restrict default nomodify notrap noquery
> restrict 127.0.0.1
> # my subnet - timeservice works from this
> restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap
> # my host outside my subnet - it gets 'unreachable'
> restrict 184.108.40.206 nomodify notrap
> # I added this but it didn't help
> server 220.127.116.11
> # the servers I'm syncing from
> server clock.via.net
> server bigben.ucsd.edu
> # rest of the default config
> server 127.127.1.0 # local clock
> fudge 127.127.1.0 stratum 10
> driftfile /var/lib/ntp/drift
> broadcastdelay 0.008
> keys /etc/ntp/keys
> I've read all I can about the restrict command and as far as I can
> tell this should work but it don't.
This may be too obvious but. . . . Does it work without any restrict
statements? There are reasons for a server becoming unreachable that
have nothing to do with restrict statements.

Does it work if you comment out your restrict default ignore? If it
works without that but with all your other restrict statements, one or
more of your remaining restrict statements is too restrictive.

It's also helpful to mention what version of ntpd you are running; the
semantics of the restrict statement changed between two recent versions;
I believe it was between 4.1 and 4.2 but I can't swear to it.
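
Added example, not part of either poster's message and not ntpd's own code: a simplified Python model of how ntpd selects the restrict entry for a source address (the most specific matching address/mask wins), run over the restrict lines quoted above. The function names and the 198.51.100.7 test address are assumptions; flags such as notrust, limited and version are not modelled.

```python
import ipaddress

# Constructed from the restrict lines quoted in the post above.
CONFIG = """\
restrict default nomodify notrap noquery
restrict 127.0.0.1
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap
restrict 184.108.40.206 nomodify notrap
"""

def parse_restrict(text):
    """Return a list of (network, flags) from IPv4 restrict lines."""
    entries = []
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok or tok[0] != "restrict":
            continue
        addr, rest = tok[1], tok[2:]
        mask = "255.255.255.255"            # no mask means a single host
        if addr == "default":
            addr, mask = "0.0.0.0", "0.0.0.0"
        if rest[:1] == ["mask"]:
            mask, rest = rest[1], rest[2:]
        net = ipaddress.ip_network(f"{addr}/{mask}")
        entries.append((net, frozenset(rest)))
    return entries

def effective_flags(entries, source):
    """Flags of the most specific entry that contains the source address."""
    ip = ipaddress.ip_address(source)
    matches = [e for e in entries if ip in e[0]]
    # With no matching entry at all, model an unrestricted default.
    best = max(matches, key=lambda e: e[0].prefixlen,
               default=(None, frozenset()))
    return best[1]

def serves_time(flags):
    """ignore and noserve deny time requests outright; notrust, limited
    and version can also drop packets and are not modelled here."""
    return not (flags & {"ignore", "noserve"})

if __name__ == "__main__":
    rules = parse_restrict(CONFIG)
    # 198.51.100.7 is a constructed address that only matches 'default'.
    for src in ("192.168.0.25", "184.108.40.206", "198.51.100.7"):
        f = effective_flags(rules, src)
        print(src, sorted(f), "time served:", serves_time(f))
```

In this model the host entry 184.108.40.206 resolves to nomodify notrap, neither of which blocks time requests, so the quoted restrict lines alone do not explain a client being refused.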