[ntp:questions] being rejected
a at b.cd
Sat Oct 9 15:17:13 UTC 2010
a at b.cd wrote:
> David Woolley wrote:
>
>> a at b.cd wrote:
>>
>>>>> 1 61694 8000 yes yes none reject
>>
>>> assID=61694 status=8000 unreach, conf, no events,
>>
>>
>> I don't know why it is saying reach on the assoc, but the rv is
>> certainly saying that nothing is coming back, which normally does mean a
>> firewall problem. Often port 123 is firewalled off even though the port
>> used for connectivity tests is not.
>
> But the reply packets are comin' thru no problem. I can see them with
> tcpdump:
>
> # tcpdump -ieth0 -s0 -vvv port ntp
> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size
> ....
>
> So it really can't be a connectivity issue, can it?
Wait, now that I *can* see the packets, the associations actually look like
this:

ntpq> as
ind assid status  conf reach auth condition  last_event cnt
===========================================================
  1 13136  9344   yes   yes  none   outlyer   reachable  4
  2 13137  942a   yes   yes  none candidate    sys_peer  2
  3 13138  962a   yes   yes  none  sys.peer    sys_peer  2
  4 13139  9414   yes   yes  none candidate   reachable  1

Which looks fine to me. It seems it was the -I lo option I was passing to
ntpd. But why that would prevent it from *sending* out ANY traffic is beyond
me. This client/server-in-one-app-thing is really confusing, especially if
the docs don't make it clear what part of the operation particular options
refer to.
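
The status column in the ntpq output quoted in this thread can be decoded by hand. The following is an added example, not part of the original post or of the NTP distribution; it assumes the peer status word layout given in the NTP reference documentation (flag bits, selection, event count, last event), and the function names are hypothetical.

```python
"""Decode the 16-bit peer status word from ntpq 'as' / 'rv' output."""

# Layout (NTP reference documentation, peer status word):
# high byte = 5 status flag bits + 3 selection bits,
# low byte  = 4-bit event count + 4-bit last event code.
FLAGS = {0x80: "config", 0x40: "auth", 0x20: "authenb",
         0x10: "reach", 0x08: "bcst"}
SELECT = ["reject", "falsetick", "excess", "outlyer",
          "candidate", "backup", "sys.peer", "pps.peer"]
EVENTS = ["no events", "mobilize", "demobilize", "unreachable",
          "reachable", "restart", "no_reply", "rate_exceeded",
          "access_denied", "leap_armed", "sys_peer", "clock_event",
          "bad_auth", "popcorn", "interleave_mode", "interleave_error"]


def decode(word):
    """Return the decoded fields of a status word given as hex text."""
    value = int(word, 16)
    if not 0 <= value <= 0xFFFF:
        raise ValueError(f"not a 16-bit status word: {word!r}")
    high, low = value >> 8, value & 0xFF
    return {
        "flags": [name for bit, name in FLAGS.items() if high & bit],
        "reach": bool(high & 0x10),
        "condition": SELECT[high & 0x07],
        "count": low >> 4,
        "last_event": EVENTS[low & 0x0F],
    }


def configured_but_unreachable(assocs):
    """Return the assids whose status says configured but not reachable."""
    return [assid for assid, word in assocs
            if "config" in decode(word)["flags"] and not decode(word)["reach"]]


# The (assid, status) pairs quoted in the thread above.
THREAD_ASSOCS = [("61694", "8000"), ("13136", "9344"), ("13137", "942a"),
                 ("13138", "962a"), ("13139", "9414")]

if __name__ == "__main__":
    for assid, word in THREAD_ASSOCS:
        print(assid, word, decode(word))
    print("unreachable:", configured_but_unreachable(THREAD_ASSOCS))
```
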