[ntp:questions] Reachable and rejected
dave at compata.com
Thu Sep 11 00:51:46 UTC 2008
Steve Kostecke <kostecke at ntp.org> writes:
>On 2008-09-10, Dave Close <dave at compata.com> wrote:
>> I hope I didn't miss an easy answer while reading the FAQ, list
>> archive, and other documents online. I have some systems which are
>> separated from their time servers by a NAT proxy. Those which are not
>> separated seem to work just fine but those beyond the proxy don't keep
>> time correctly. For example, on one of them I got this output:
>The system shown below has no problem polling the remote time servers.
>So you can rule out NAT as a problem.
>> # ntpq -p
>> remote refid st t when poll reach delay offset jitter
>> server-1 172.16.2.5 2 u 52 64 377 2.022 -41630. 19.566
>> server-2 172.16.2.5 2 u 6 64 377 2.121 -41601. 19.996
>This ntpd was 41.6 seconds away from the those servers at the time this
>billboard was taken. That is a very large offset.
>I would check in the syslog and see if ntpd is having to step the clock.
>If that is the case you need to fix whatever is causing this massive
>Steve Kostecke <kostecke at ntp.org>
>NTP Public Services Project - http://support.ntp.org/
I am having the same problem on SEVENTEEN machines, all of which are
behind the NAT, and I am NOT having the problem on dozens more which
are not behind it and are configured identically. These are all Fedora
machines which run ntpdate automatically as part of /etc/init.d/ntpd.
The example above is from a machine behind the NAT which had been
running for more than a week. The drift does not surprise me.
In desperation, I have changed several of the machines behind the
NAT to run ntpd -gq periodically, and stopped the ntpd daemon. Those
machines are tracking the correct time fairly closely, within less
than a second always. But I don't like this kludge and would love the
find the right solution.
Dave Close, Compata, Costa Mesa CA "There is no security on this earth.
dave at compata.com, +1 714 434 7359 There is only opportunity."
dhclose at alumni.caltech.edu -- Douglas MacArthur
Dave Close, Compata, Costa Mesa CA "Politics is the business of getting
dave at compata.com, +1 714 434 7359 power and privilege without
dhclose at alumni.caltech.edu possessing merit." - P. J. O'Rourke
More information about the questions