[ntp:questions] ntpd not responding on localhost
Richard B. Gilbert
rgilbert88 at comcast.net
Sat Feb 9 03:35:46 UTC 2008
Nick Bright wrote:
> I've installed and configured NTP on a RHEL 3 machine, and configured it
> to query the US pool servers.
>
> Unfortunately, because the firewall administrator this machine is behind
> hasn't yet set up the firewall rules the time can't sync. At least I
> assume that he hasn't done it, because the time isn't syncing.
>
> ntpq> pe
>      remote           refid      st t when poll reach   delay   offset  jitter
> ==============================================================================
>  217.160.254.116 0.0.0.0         16 u    -  128    0    0.000    0.000 4000.00
>  75.144.70.35    0.0.0.0         16 u    -  128    0    0.000    0.000 4000.00
>  72.232.254.202  0.0.0.0         16 u    -  128    0    0.000    0.000 4000.00
>  208.75.88.4     0.0.0.0         16 u    -  128    0    0.000    0.000 4000.00
>
> However, if I execute "ntpdate -u localhost" it replies with:
>
> ntpdate[8246]: no server suitable for synchronization found
>
> I did verify that I can sync with an external source, though:
>
> ntpdate -u 217.160.254.116
> 8 Feb 19:04:00 ntpdate[8247]: adjust time server 217.160.254.116
> offset -0.302278 sec
>
> So my questions are:
>
> If the NTPD isn't synchronized with external servers, will it simply
> ignore clients?
>
> If it doesn't ignore clients, why would my ntpdate command run on the
> local machine not be able to query the server? It can't be the firewall,
> because iptables is completely disabled.
>
> Thanks,

Assuming that you waited at least 30 minutes before printing that ntpq
"banner", the servers you have configured are unreachable.

As I recall, ntpdate -u uses a "non-privileged port" whereas ntpdate and
ntpd both normally use port 123. This suggests that the firewall is
passing ports 1025 and above and not port 123. If ntpdate without the
"-u" does not work, it would tend to confirm this hypothesis.

Get your firewall straightened out. AFAIK there is no good reason to
block port 123.
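
Added example, not part of the original thread: a Python sketch that decodes the "reach" column of the ntpq peers output quoted above. reach is an 8-bit shift register printed in octal, so 0 means none of the last eight polls was answered and 377 means all eight were. The 192.0.2.x peers are constructed sample data and the function names are illustrative.

```python
# Added example: interpret the "reach" column of `ntpq -p` output.
# Assumption: input is raw ntpq output, where column 0 of every peer line
# is the one-character tally code (' ', '*', '+', '-', 'x', ...).

# Two peer lines from the post, plus two constructed peers (192.0.2.x).
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 217.160.254.116 0.0.0.0         16 u    -  128    0    0.000    0.000 4000.00
 75.144.70.35    0.0.0.0         16 u    -  128    0    0.000    0.000 4000.00
*192.0.2.10      .GPS.            1 u   33   64  377    1.234    0.051   0.020
+192.0.2.11      192.0.2.1        2 u   40   64   17    2.100   -0.300   1.500
"""


def parse_peers(text):
    """Return one dict per peer line, with reach decoded from octal."""
    peers = []
    for line in text.splitlines():
        fields = line[1:].split()            # drop the tally column first
        if len(fields) != 10 or "refid" in fields:
            continue                         # header, separator or blank line
        reach = int(fields[6], 8)            # ntpq prints reach in octal
        peers.append({
            "tally": line[0],
            "remote": fields[0],
            "stratum": int(fields[2]),       # 16 means unsynchronized
            "reach": reach,
            "answered": bin(reach & 0xFF).count("1"),  # replies in last 8 polls
        })
    return peers


def verdict(peer):
    """Classify a peer by how many of its last eight polls got a reply."""
    if peer["reach"] == 0:
        return "unreachable"                 # every poll went unanswered
    if peer["answered"] == 8:
        return "healthy"
    return "lossy"                           # some replies are getting through


def summarize(text):
    return {p["remote"]: verdict(p) for p in parse_peers(text)}


if __name__ == "__main__":
    for remote, state in summarize(SAMPLE).items():
        print(f"{remote:<16} {state}")
```

If every configured peer comes back "unreachable" while a query from an unprivileged source port succeeds, that matches the port 123 filtering described in the reply.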