Thanks for the return!  I've discovered my ISP has apparently shut off
port 123 (NTP), and if I do    ntpdate -u ntp.cape.com    I get my
time set!  But ntpq lacks ntpdate's option to use an unprivileged port.
I guess time is come to ask my ISP.  (Shouldn't I have done tha before :-]

Again thanks!
        Chuck Bacon -- [EMAIL PROTECTED]
                ABHOR SECRECY -- DEFEND PRIVACY
PS: Yes, I use netmask 255.255.255.240 (0xfffffff0); a vain hope that
there's a tiny increment of security in it, and a belief in the definitions
of net classes.

On Sun, 18 Jun 2006, Nick Withers wrote:
On Sat, 17 Jun 2006 21:30:55 -0400 (EDT)
Charles Bacon <[EMAIL PROTECTED]> wrote:

Since FreeBSD 4.5-Release, I have been unable to get NTP working on
my two FreeBSD computers, one running 5.3Release and the other on
6.1Release.  I have done nothing with the GENERIC kernel on either
machine.  I talk SSH between them, and have been running ntpd on
both, each naming the other as well as two external servers.

My network is a typical home net, using 192.168.1/28,

You mean /24 (i.e.: 255.255.255.0, Class C), yeah?

served by a DSL router which does NAT for my external traffic.
Internal comms. is through switches, plus one hub.  Each computer
(plus some others running Windows) has easy access out, and is
invisible from the Internet exceptt for responses.

Here's my ntp.conf, identical on my two computers:

        server ntp.cape.com
        server ntp.ourconcord.net
        driftfile /var/db/ntp.drift
        logfile /var/log/ntplog
        pidfile /var/run/ntpd.pid
        logconfig =all
        peer 192.168.1.3
        peer 192.168.1.2                (much comments removed)

With mediocre diagnostic skill, I have finally discovered tcpdump.
It told me after much experiment, that the relevant port (NTP, 123) was
unreachable.  This sounds significant, but I can't find a list of the
reachability of ports.

Try netstat(1). "netstat -anp udp" might be of help in
particular, here.

I've looked at ng*, mac_* and pf* and finally bpf*, and only the last seems
to exist in /dev.

I had expected that GENERIC would impose only slight filtering somehow,
and certainly not shut off NTP!  I guess I need help.

If you've loaded a firewall such as IPFW in /etc/rc.conf a
kernel module will be loaded for it, if it's not compiled
statically into hte kernel already (which it isn't on GENERIC
for either 5.3-RELEASE or 6.1-RELEASE). "kldstat" will list
loaded modules (and the IPFW module is ipfw.ko).

Thanks for any help you can give, and I accept any opprobrium for trying
to be a sysadmin, even for my home boxen.

        Chuck Bacon -- [EMAIL PROTECTED]
                ABHOR SECRECY -- DEFEND PRIVACY
--
Nick Withers
email: [EMAIL PROTECTED]
Web: http://www.nickwithers.com
Mobile: +61 414 397 446
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to