[ntp:questions] ntpd not responding on localhost

Nick Bright nick.bright at terraworld.net
Tue Feb 12 06:06:15 UTC 2008


The resolution ended up being to comment out:

restrict default ignore

from the default ntpd.conf

After I commented out that line, I was able to get updates from the 
servers I had configured, as well as provide updates to client devices.

For those coming upon this in a search engine result, please be advised 
that this may have security implications that I don't know about... For 
my application, the server is behind a hardware firewall in a fairly 
controlled network, so I'm not too concerned; but if you're running an 
internet server, find out the proper command syntax for the most secure 
operation!

Nick Bright wrote:
> I've installed and configured NTP on a RHEL 3 machine, and configured it 
> to query the US pool servers.
>
> Unfortunately, because the firewall administrator this machine is behind 
> hasn't yet set up the firewall rules the time can't sync. At least I 
> assume that he hasn't done it, because the time isn't syncing.
>
> ntpq> pe
>       remote     refid      st t when poll reach   delay   offset  jitter
> ========================================================================
>   217.160.254.116 0.0.0.0   16 u    -  128    0    0.000    0.000 4000.00
>   75.144.70.35    0.0.0.0   16 u    -  128    0    0.000    0.000 4000.00
>   72.232.254.202  0.0.0.0   16 u    -  128    0    0.000    0.000 4000.00
>   208.75.88.4     0.0.0.0   16 u    -  128    0    0.000    0.000 4000.00
>
> However, if I execute "ntpdate -u localhost" it replies with:
>
> ntpdate[8246]: no server suitable for synchronization found
>
> I did verify that I can sync with an external source, though:
>
> ntpdate -u 217.160.254.116
>   8 Feb 19:04:00 ntpdate[8247]: adjust time server 217.160.254.116 offset -0.302278 sec
>
> So my questions are:
>
> If the NTPD isn't synchronized with external servers, will it simply 
> ignore clients?
>
> If it doesn't ignore clients, why would my ntpdate command run on the 
> local machine not be able to query the server? It can't be the firewall, 
> because iptables is completely disabled.
>
> Thanks,
>   
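
An added example, not part of the original post and not ntpd's own code: a simplified Python model of how `restrict` lines are matched, comparing a configuration that has only `restrict default ignore` with a scoped alternative that keeps that default and adds exceptions. The 192.0.2.0/24 client subnet, both configuration fragments and the function names are assumptions; the server address is the one from the ntpq output above.

```python
import ipaddress

# Constructed ntp.conf fragments; 192.0.2.0/24 is a stand-in client subnet.
SHIPPED = """
restrict default ignore
server 217.160.254.116
"""
SCOPED = """
restrict default ignore
restrict 127.0.0.1
restrict 217.160.254.116 mask 255.255.255.255 nomodify notrap noquery
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap noquery
server 217.160.254.116
"""

def parse_restrict(conf):
    """Return [(network, flags)] for every IPv4 'restrict' line."""
    rules = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok or tok[0] != "restrict":
            continue
        addr, rest = tok[1], tok[2:]
        mask = "255.255.255.255"          # ntpd's default mask: a single host
        if addr == "default":
            addr, mask = "0.0.0.0", "0.0.0.0"
        if rest[:1] == ["mask"]:
            mask, rest = rest[1], rest[2:]
        rules.append((ipaddress.ip_network(f"{addr}/{mask}"), set(rest)))
    return rules

def flags_for(conf, source):
    """Flags of the most specific entry covering source (simplified model)."""
    ip = ipaddress.ip_address(source)
    hits = [r for r in parse_restrict(conf) if ip in r[0]]
    if not hits:
        return set()                      # no entry: nothing is restricted
    return max(hits, key=lambda r: r[0].prefixlen)[1]

def accepts_time_packets(conf, source):
    """True if ntpd would process time packets arriving from source."""
    return not flags_for(conf, source) & {"ignore", "noserve"}

if __name__ == "__main__":
    for name, conf in (("shipped", SHIPPED), ("scoped", SCOPED)):
        for src in ("127.0.0.1", "217.160.254.116", "192.0.2.10", "198.51.100.7"):
            verdict = "accepted" if accepts_time_packets(conf, src) else "dropped"
            print(name, src, verdict)
```

With the first fragment every source is dropped, including localhost and the configured server; with the scoped fragment only the listed hosts and subnet are accepted and everything else still falls through to `ignore`.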



