[ntp:questions] Re: ntpd works, ntpdq times-out ?
Richard B. Gilbert
rgilbert88 at comcast.net
Fri Jan 20 01:10:42 UTC 2006
blacksburgjerome at gmail.com wrote:
>I'm running ntpd on our RedHat Linux firewall. It seems to be working
>OK according to the logs. Plus I can ntpq it 'remotely' from another
>machine in the LAN.
>[machine-b]# ntpq -p machine-a
> remote          refid           st t when poll reach    delay   offset
>+otc1.psu.edu    .WWV.            1 u   57   64    77  111.122  -23.150
>-ntp-1.cns.vt.ed timelord.cns.vt  2 u    1   64   177   97.639    6.030
>+clock1.redhat.c .CDMA.           1 u   61   64    77   83.241   -3.625
>*clock2.redhat.c .CDMA.           1 u    -   64   177  102.931   -3.521
>However, when I run ntpq on the firewall it times-out!
>[machine-a]# ntpq -p
>127.0.0.1: timed out, nothing received
>***Request timed out
>ntp.conf looks like this (minus some of the other servers for brevity)
>------ BEGIN ntp.conf -----
>restrict default ignore
>restrict 192.168.0.1 mask 255.255.255.255 nomodify notrap
>restrict 192.168.0.0 mask 255.255.255.0 notrust nomodify notrap
>restrict 220.127.116.11 mask 255.255.255.255 nomodify notrap noquery
>fudge 127.127.1.0 stratum 10
>------ END ntp.conf -----
>That is annoying. Anyone know why I can't use ntpq on the firewall?
>[machine-a]$ rpm -q ntp
>[machine-a]$ rpm -q redhat-release
>BTW I even tried the following 2-line ntp.conf and got the same
I believe you'll find the problem here:
restrict 192.168.0.0 mask 255.255.255.0 notrust nomodify notrap
Lose that and see if it works! If so, you might try putting it back without the "notrust". The semantics of notrust were changed between ntpd 4.1 and 4.2 (one of those really bad ideas. . . . causes endless confusion). The current meaning is that ntpd is supposed to require authentication. I never used ntpd 4.1 and don't recall what notrust used to mean.
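Added example, not part of the original thread or of ntpd: a small evaluator for the restrict lines quoted in the question, reporting which entry governs a given source address and whether `ignore` or `noquery` would drop an ntpq query from it. It assumes ntpd applies the most specific matching entry, models only the lines shown in the post, and its function names are hypothetical.

```python
import ipaddress

# The restrict/fudge lines exactly as quoted in the question.
NTP_CONF = """\
restrict default ignore
restrict 192.168.0.1 mask 255.255.255.255 nomodify notrap
restrict 192.168.0.0 mask 255.255.255.0 notrust nomodify notrap
restrict 220.127.116.11 mask 255.255.255.255 nomodify notrap noquery
fudge 127.127.1.0 stratum 10
"""

def parse_restrict(conf_text):
    """Return a list of (network, flags) for each IPv4 restrict line."""
    entries = []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        addr, rest = tok[1], tok[2:]
        mask = "255.255.255.255"          # host mask when none is given
        if addr == "default":
            addr, mask = "0.0.0.0", "0.0.0.0"
        if len(rest) >= 2 and rest[0] == "mask":
            mask, rest = rest[1], rest[2:]
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        entries.append((net, frozenset(rest)))
    return entries

def effective_flags(conf_text, source):
    """Flags of the most specific restrict entry covering `source`."""
    ip = ipaddress.ip_address(source)
    matches = [(n, f) for n, f in parse_restrict(conf_text) if ip in n]
    if not matches:
        return frozenset()
    # Assumption: longest mask wins, modelling ntpd's sorted restrict list.
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def query_allowed(conf_text, source):
    """ntpq/ntpdc queries are dropped under `ignore` or `noquery`."""
    return not (effective_flags(conf_text, source) & {"ignore", "noquery"})

if __name__ == "__main__":
    for src in ("127.0.0.1", "192.168.0.1", "192.168.0.50", "220.127.116.11"):
        print(src, sorted(effective_flags(NTP_CONF, src)),
              query_allowed(NTP_CONF, src))
```

Running it against the posted lines lists, for each source address, the flags in force and whether a query from that address would be answered.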