[ntp:questions] Reachable and rejected

Dave Close dave at compata.com
Thu Sep 11 00:51:46 UTC 2008


Steve Kostecke <kostecke at ntp.org> writes:

>On 2008-09-10, Dave Close <dave at compata.com> wrote:

>> I hope I didn't miss an easy answer while reading the FAQ, list
>> archive, and other documents online. I have some systems which are
>> separated from their time servers by a NAT proxy. Those which are not
>> separated seem to work just fine but those beyond the proxy don't keep
>> time correctly. For example, on one of them I got this output:

>The system shown below has no problem polling the remote time servers.
>So you can rule out NAT as a problem.

>> # ntpq -p
>>  remote    refid     st t when poll reach delay  offset jitter
>> ==============================================================
>> server-1  172.16.2.5  2 u   52   64  377  2.022 -41630. 19.566
>> server-2  172.16.2.5  2 u    6   64  377  2.121 -41601. 19.996

>This ntpd was 41.6 seconds away from the those servers at the time this
>billboard was taken. That is a very large offset.

>I would check in the syslog and see if ntpd is having to step the clock.
>If that is the case you need to fix whatever is causing this massive
>drift.

>-- 
>Steve Kostecke <kostecke at ntp.org>
>NTP Public Services Project - http://support.ntp.org/

I am having the same problem on SEVENTEEN machines, all of which are
behind the NAT, and I am NOT having the problem on dozens more which
are not behind it and are configured identically. These are all Fedora
machines which run ntpdate automatically as part of /etc/init.d/ntpd.
The example above is from a machine behind the NAT which had been
running for more than a week. The drift does not surprise me.

In desperation, I have changed several of the machines behind the
NAT to run ntpd -gq periodically, and stopped the ntpd daemon. Those
machines are tracking the correct time fairly closely, within less
than a second always. But I don't like this kludge and would love the
find the right solution.
-- 
Dave Close, Compata, Costa Mesa CA  "There is no security on this earth.
dave at compata.com, +1 714 434 7359    There is only opportunity."
dhclose at alumni.caltech.edu             -- Douglas MacArthur

-- 
Dave Close, Compata, Costa Mesa CA  "Politics is the business of getting
dave at compata.com, +1 714 434 7359    power and privilege without
dhclose at alumni.caltech.edu           possessing merit." - P. J. O'Rourke




More information about the questions mailing list