[ntp:questions] Reachable and rejected

Richard B. Gilbert rgilbert88 at comcast.net
Wed Sep 10 23:23:09 UTC 2008

Dave Close wrote:
> I hope I didn't miss an easy answer while reading the FAQ, list archive,
> and other documents online. I have some systems which are separated from
> their time servers by a NAT proxy. Those which are not separated seem to
> work just fine but those beyond the proxy don't keep time correctly. For
> example, on one of them I got this output:
> # ntpq -p
>      remote           refid      st t when poll reach   delay   offset  jitter
> ==============================================================================
>  server-1       2 u   52   64  377    2.022  -41630.  19.566
>  server-2       2 u    6   64  377    2.121  -41601.  19.996
> # ntpq -c as
> ind assID status  conf reach auth condition  last_event cnt
> ===========================================================
>   1 20192  9024   yes   yes  none    reject   reachable  2
>   2 20193  9024   yes   yes  none    reject   reachable  2
> Those time servers aren't ideal but they are beyond my control and these
> are the only two I have available. The local firewall won't let me use
> servers on the Internet.
> What I haven't found while reading is how it is possible for a server to
> be both reachable and rejected. Note that the reject condition is not
> constant; the servers are accepted occasionally, but not for very long.
> Can this situation be remedied?

I would START by setting the correct time on each machine.  You can 
either start ntpd with the "-g" switch, or you can use ntpdate to set 
the time.  Without doing one or the other I doubt that your machine will 
EVER synchronize.

Please try this, wait for at least 30 minutes, and then issue:
ntpq -p

and report your results.

More information about the questions mailing list