[ntp:questions] ntpd not responding on localhost
Richard B. Gilbert
rgilbert88 at comcast.net
Sat Feb 9 03:35:46 UTC 2008
Nick Bright wrote:
> I've installed and configured NTP on a RHEL 3 machine, and configured it
> to query the US pool servers.
> Unfortunately, because the firewall administrator this machine is behind
> hasn't yet set up the firewall rules the time can't sync. At least I
> assume that he hasn't done it, because the time isn't syncing.
> ntpq> pe
> remote refid st t when poll reach delay offset jitter
> 184.108.40.206 0.0.0.0 16 u - 128 0 0.000 0.000 4000.00
> 220.127.116.11 0.0.0.0 16 u - 128 0 0.000 0.000 4000.00
> 18.104.22.168 0.0.0.0 16 u - 128 0 0.000 0.000 4000.00
> 22.214.171.124 0.0.0.0 16 u - 128 0 0.000 0.000 4000.00
> However, if I execute "ntpdate -u localhost" it replies with:
> ntpdate: no server suitable for synchronization found
> I did verify that I can sync with an external source, though:
> ntpdate -u 126.96.36.199
> 8 Feb 19:04:00 ntpdate: adjust time server 188.8.131.52
> offset -0.302278 sec
> So my questions are:
> If the NTPD isn't synchronized with external servers, will it simply
> ignore clients?
> If it doesn't ignore clients, why would my ntpdate command run on the
> local machine not be able to query the server? It can't be the firewall,
> because iptables is completely disabled.
Assuming that you waited at least 30 minutes before printing that ntpq
"banner", the servers you have configured are unreachable.
As I recall, ntpdate -u uses a "non-privileged port" whereas ntpdate and
ntpd both normally use port 123. This suggests that the firewall is
passing ports 1025 and above and not port 123. If ntpdate without the
"-u" does not work, it would tend to confirm this hypothesis.
Get your firewall straightened out. AFAIK there is no good reason to
block port 123.
More information about the questions