[ntp:questions] being rejected

a at b.cd a at b.cd
Sat Oct 9 15:17:13 UTC 2010


a at b.cd wrote:

> David Woolley wrote:
> 
>> a at b.cd wrote:
>> 
>>>>>   1 61694  8000   yes   yes  none    reject
>> 
>>> assID=61694 status=8000 unreach, conf, no events,
>> 
>> 
>> I don't know why it is saying reach on the assoc, but the rv is
>> certainly saying that nothing is coming back, which normally does mean a
>> firewall problem.  Often port 123 is firewalled off even though the port
>> used for connectivity tests is not.
> 
> But the reply packets are comin' thru no problem. I can see them with
> tcpdump:
> 
> # tcpdump -ieth0 -s0 -vvv port ntp
> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size
> ....
> 
> So it really can't be a connectivity issue, can it?

Wait, now that I *can* see the packets, the associations actually look like 
this:

ntpq> as

ind assid status  conf reach auth condition  last_event cnt
===========================================================
  1 13136  9344   yes   yes  none   outlyer   reachable  4
  2 13137  942a   yes   yes  none candidate    sys_peer  2
  3 13138  962a   yes   yes  none  sys.peer    sys_peer  2
  4 13139  9414   yes   yes  none candidate   reachable  1

Which looks fine to me. It seems it was the -I lo option I was passing to 
ntpd. But why that would prevent it from *sending* out ANY traffic is beyond 
me. This client/server-in-one-app-thing is really confusing, especially if 
the docs don't make it clear what part of the operation particular options 
refer to.
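An added example, not part of the original post: a small decoder for the hex `status` column of `ntpq> as`, using the peer status word layout documented for ntpq (5 flag bits, 3-bit selection, 4-bit event count, 4-bit last-event code). The sample rows are copied from this thread; the triage notes and function names are this example's own.

```python
# Peer status word, per the ntpq documentation:
#   high byte = 5 flag bits + 3-bit selection; low byte = event count + last event
FLAGS = {0x80: "conf", 0x40: "authenb", 0x20: "auth", 0x10: "reach"}
SELECT = ["reject", "falsetick", "excess", "outlyer",
          "candidate", "backup", "sys.peer", "pps.peer"]
EVENTS = {0: "no events", 1: "mobilize", 2: "demobilize", 3: "unreachable",
          4: "reachable", 5: "restart", 6: "no_reply", 7: "rate_exceeded",
          8: "access_denied", 9: "leap_armed", 0xA: "sys_peer", 0xC: "bad_auth"}

def decode_peer_status(word):
    """Split a 16-bit peer status word into its four fields."""
    hi = word >> 8
    code = word & 0xF
    return {
        "flags": [name for bit, name in FLAGS.items() if hi & bit],
        "condition": SELECT[hi & 0x7],
        "cnt": (word >> 4) & 0xF,
        "last_event": EVENTS.get(code, "code_0x%x" % code),
    }

def triage(assoc_lines):
    """Return (assid, decoded, note) for each row of `ntpq> as` output."""
    results = []
    for line in assoc_lines:
        fields = line.split()
        assid, decoded = int(fields[1]), decode_peer_status(int(fields[2], 16))
        if "conf" in decoded["flags"] and "reach" not in decoded["flags"]:
            note = "configured, nothing received: check filtering and interface binding"
        elif decoded["last_event"] in ("access_denied", "bad_auth", "rate_exceeded"):
            note = "server refused, throttled, or failed authentication"
        else:
            note = "ok"
        results.append((assid, decoded, note))
    return results

# Rows as they appear in this thread (the first is the earlier, failing state).
SAMPLE = [
    "  1 61694  8000   yes   yes  none    reject",
    "  1 13136  9344   yes   yes  none   outlyer   reachable  4",
    "  2 13137  942a   yes   yes  none candidate    sys_peer  2",
    "  3 13138  962a   yes   yes  none  sys.peer    sys_peer  2",
    "  4 13139  9414   yes   yes  none candidate   reachable  1",
]

if __name__ == "__main__":
    for assid, decoded, note in triage(SAMPLE):
        print(assid, decoded, note)
```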



