[ntp:questions] Need help on NTP client

Gao gao at pztop.com
Mon Jul 27 18:32:20 UTC 2015


I think I may have some kind of network issue but I couldn't figure out 
where it is.

I did tcpdump on my test(CentOS7) and ovpn(CentOS6, ntpd server working 
fine):

On the newly installed CentOS7, it does send out NTP request:
[root@ovpn ~]# sudo tcpdump -nvv -i eth0 port ntp
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:14:45.163056 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 76)
     192.168.123.30.ntp > 192.168.123.255.ntp: [udp sum ok] NTPv4, length 48
     Broadcast, Leap indicator: +1s (64), Stratum 3 (secondary reference), poll 6s, precision -20
     Root Delay: 0.064926, Root dispersion: 0.040405, Reference-ID: 24.84.16.83
       Reference Timestamp:  3647009532.185647711 (2015/07/27 11:12:12)
       Originator Timestamp: 0.000000000
       Receive Timestamp:    0.000000000
       Transmit Timestamp:   3647009685.150639981 (2015/07/27 11:14:45)
         Originator - Receive Timestamp:  0.000000000
         Originator - Transmit Timestamp: 3647009685.150639981 (2015/07/27 11:14:45)
11:15:49.162812 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 76)
     192.168.123.30.ntp > 192.168.123.255.ntp: [udp sum ok] NTPv4, length 48
     Broadcast, Leap indicator: +1s (64), Stratum 3 (secondary reference), poll 6s, precision -20
     Root Delay: 0.064926, Root dispersion: 0.041366, Reference-ID: 24.84.16.83
       Reference Timestamp:  3647009532.185647711 (2015/07/27 11:12:12)
       Originator Timestamp: 0.000000000
       Receive Timestamp:    0.000000000
       Transmit Timestamp:   3647009749.150629937 (2015/07/27 11:15:49)
         Originator - Receive Timestamp:  0.000000000
         Originator - Transmit Timestamp: 3647009749.150629937 (2015/07/27 11:15:49)

BUT on the CentOS6 ovpn side, nothing arrived from that test host!

Another BUT, at another CentOS6, the ntp works fine with the same local 
server(ovpn):
[root@vlamp ~]# ntpq -p
      remote           refid      st t when poll reach   delay offset  jitter
==================================================
-ovpn.sjv.lan    199.182.221.110  3 u  105 1024  377    0.159 3.735   0.648
+ns507230.ip-192 200.98.196.212   2 u  194 1024  377   99.833 1.483  10.273
*192.95.27.155   200.98.196.212   2 u  885 1024  377  101.236 -4.098   1.650
-fromtheouter.sp 213.251.128.249  2 u 1059 1024  377   82.356 12.651   1.773
+bitdonut.co     18.26.4.105      2 u  229 1024  377   98.643 1.859  11.815


My office network is very simple. One subnet with a bunch of switches, one 
router (SonicWall) connected to the internet. If I use "ping" to test, it 
shows all fine. So what is possible to block/drop the udp packet on port 
123???

Gao



On 15-07-27 09:52 AM, Wang, Yu wrote:
> I know you mentioned that selinux was disabled. Just to verify, could you run 'getenforce'?
>
> Also could you use nmap to scan udp port from your test server and vice versa:
>
> 'nmap -sU -p U:123 -v 192.168.123.46'
>
> You can also do tcpdump on both sides and analyze dumps.
>
>
> Yu
>
>
> -----Original Message-----
> From: questions [mailto:questions-bounces+ywang10=fsu.edu at lists.ntp.org] On Behalf Of Gao
> Sent: Monday, July 27, 2015 12:05 PM
> To: MAYER Hans; 'questions at lists.ntp.org'
> Subject: Re: [ntp:questions] Need help on NTP client
>
> Thanks Hans for the help. But when I put the line in the config file it generates an error:
>
> Jul 27 08:54:59 test ntpd[12497]: getaddrinfo: "source" invalid host address, ignored
>
> I removed the argument "source" and the error is gone, but ntpd is still not working properly.
>
> Gao
>
>
> On 15-07-27 02:43 AM, MAYER Hans wrote:
>> Hi Gao,
>>
>> Could you fix the issue in the meantime ?
>> What I am missing is a line like this:
>> restrict source nomodify nopeer notrap
>>
>> // Hans
>>
>>
>>
>> -----Original Message-----
>> From: questions
>> [mailto:questions-bounces+mayer=iiasa.ac.at at lists.ntp.org] On Behalf
>> Of Gao
>> Sent: Wednesday, July 22, 2015 7:29 PM
>> To: questions at lists.ntp.org
>> Subject: [ntp:questions] Need help on NTP client
>>
>> Hello list,
>>
>> I have a local NTP server setup in my office LAN. It is a CentOS6 VM. On the server ntpd works fine. Now I have built a new CentOS7 server and it can't sync with any of the NTP servers, including my local server.
>>
>> Here is my local NTP server(ovpn.sjv.lan, IP:192.168.123.46):
>>
>> [root@ovpn ~]# ntpq -p
>>         remote           refid      st t when poll reach   delay offset jitter
>> ==============================================================================
>> +ntp1.torix.ca   .PPS.            1 u   53 1024  377   68.759 -0.453  11.657
>> *ntp2.torix.ca   .PPS.            1 u  699 1024  377   72.491 3.638   0.412
>> +69.28.67.44     18.26.4.105      2 u  101 1024  357   64.888 -1.005   2.151
>> -euro-shared.oln 142.3.100.2      2 u  621 1024  377  100.648 15.585  11.371
>>     LOCAL(0)        .LOCL.          10 l  18h   64    0    0.000 0.000   0.000
>>
>> [root@ovpn ~]# iptables -L -n
>> Chain INPUT (policy ACCEPT)
>> target     prot opt source               destination
>> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:123
>> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:123
>>
>> ###############################################
>>
>> Now the newly installed CentOS7(test.sjv.lan):
>>
>> firewalld and SELinux have been disabled.
>>
>> [root@test log]# ntpq -p
>>         remote           refid      st t when poll reach   delay offset jitter
>> ==============================================================================
>>     ovpn.sjv.lan    .INIT.          16 u    -   64    0    0.000 0.000   0.000
>>     kirdu.smartacti .INIT.          16 u    -   64    0    0.000 0.000   0.000
>>     ntp3.torix.ca   .INIT.          16 u    -   64    0    0.000 0.000   0.000
>>     euro-shared.oln .INIT.          16 u    -   64    0    0.000 0.000   0.000
>>     bitdonut.co     .INIT.          16 u    -   64    0    0.000 0.000   0.000
>>
>> [root@test log]# cat /etc/ntp.conf | egrep -v "(^#.*)"
>>
>> driftfile /var/lib/ntp/drift
>>
>> restrict default nomodify notrap nopeer noquery
>>
>> restrict 127.0.0.1
>> restrict ::1
>>
>> server ovpn.sjv.lan iburst
>> server 0.centos.pool.ntp.org iburst
>> server 1.centos.pool.ntp.org iburst
>> server 2.centos.pool.ntp.org iburst
>> server 3.centos.pool.ntp.org iburst
>>
>> includefile /etc/ntp/crypto/pw
>>
>> keys /etc/ntp/keys
>>
>> disable monitor
>>
>>
>>
>>
>> [root@test log]# ntpdate -q ovpn.sjv.lan
>> server 192.168.123.46, stratum 2, offset -5.304602, delay 0.02580
>> 22 Jul 10:24:37 ntpdate[12081]: step time server 192.168.123.46 offset -5.304602 sec
>>
>> ################################################
>>
>> I don't know what to do. I tried to turn off the firewall on both nodes. The "ntpq -p" just won't show me any sign of reaching the servers, both local and public.
>>
>> Please help.
>>
>>
>>
>> Gao
>>
>>
>>
>>
>>
>
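
The "Broadcast", "Leap indicator", "Stratum", "poll" and "precision" labels that tcpdump prints in the capture above come from the first four bytes of the 48-byte NTP header; the mode field distinguishes a unicast client request (mode 3) from a broadcast (mode 5). An added example, not part of the thread, that decodes those fields; the sample packet is constructed to match the values printed in the capture (timestamp fraction zeroed), and the function names are hypothetical.

```python
import struct
from collections import Counter

NTP_TO_UNIX = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01
MODES = {0: "reserved", 1: "symmetric active", 2: "symmetric passive",
         3: "client", 4: "server", 5: "broadcast", 6: "control", 7: "private"}


def build_client_request(version=4):
    """Minimal 48-byte unicast request: LI=0, given version, mode 3 (client)."""
    return struct.pack("!B47x", (version << 3) | 3)


def decode_header(packet):
    """Decode the fixed NTP header fields that tcpdump -vv prints."""
    if len(packet) < 48:
        raise ValueError(f"NTP header is 48 bytes, got {len(packet)}")
    first, stratum, poll, precision = struct.unpack("!BBbb", packet[:4])
    tx_seconds = struct.unpack("!I", packet[40:44])[0]
    return {
        "leap": first >> 6,              # top 2 bits: leap indicator
        "version": (first >> 3) & 0x7,   # next 3 bits: protocol version
        "mode": MODES[first & 0x7],      # low 3 bits: association mode
        "stratum": stratum,
        "poll": poll,                    # log2 seconds, signed
        "precision": precision,          # log2 seconds, signed
        "transmit_unix": tx_seconds - NTP_TO_UNIX if tx_seconds else None,
    }


def count_modes(packets):
    """Tally packets by mode, e.g. to see whether any client requests were sent."""
    return Counter(decode_header(p)["mode"] for p in packets)


# Constructed sample mirroring the first captured packet in the thread:
# LI=1, version 4, mode 5, stratum 3, poll 6, precision -20,
# transmit timestamp 3647009685 (fraction zeroed).
SAMPLE_BROADCAST = (struct.pack("!BBbb", (1 << 6) | (4 << 3) | 5, 3, 6, -20)
                    + bytes(36) + struct.pack("!II", 3647009685, 0))

if __name__ == "__main__":
    print(decode_header(SAMPLE_BROADCAST))
    print(count_modes([SAMPLE_BROADCAST, build_client_request()]))
```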

