I have a new CentOS server on which I installed ntp. Yes, I opened up iptables to both tcp and udp port 123. It works great to get / keep the system itself synced with correct time, but when others query it, it fails. Ideas appreciated.
On CentOS host "chumley":

    # cat /etc/ntp.conf
    driftfile /var/lib/ntp/drift
    restrict default kod nomodify notrap nopeer noquery
    restrict -6 default kod nomodify notrap nopeer noquery
    restrict 127.0.0.1
    restrict -6 ::1
    restrict 10.1.1.0 mask 255.255.255.0
    server 0.centos.pool.ntp.org
    server 1.centos.pool.ntp.org
    server 2.centos.pool.ntp.org
    statistics clockstats cryptostats loopstats peerstats

    # ntpq -pcrv
    assID=0 status=c011 sync_alarm, sync_unspec, 1 event, event_restart,
    version="ntpd [email protected] Tue Nov 29 00:09:12 UTC 2011 (1)",
    processor="x86_64", system="Linux/2.6.32-220.4.1.el6.x86_64", leap=11,
    stratum=16, precision=-22, rootdelay=0.000, rootdispersion=1.335, peer=0,
    refid=INIT, reftime=00000000.00000000 Thu, Feb 7 2036 1:28:16.000, poll=6,
    clock=d2d5f197.fa558709 Fri, Feb 3 2012 0:39:35.977, state=0,
    offset=0.000, frequency=0.000, jitter=0.000, noise=0.000, stability=0.000,
    tai=0
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     clock.team-cymr 172.16.65.22     2 u   24   64    3   47.440  184.516  14.422
     pool-test.ntp.o 127.67.113.92    2 u   25   64    3   94.360  181.398  11.742
     barricade.rack9 209.51.161.238   2 u   23   64    3   43.671  185.172  12.250

Query from Solaris host:

    $ ntpdate -q chumley
    server 10.1.1.18, stratum 16, offset -0.168184, delay 0.02646
     3 Feb 00:38:08 ntpdate[4110]: no server suitable for synchronization found

Here's what happens when I run ntpd -ddd on chumley and do the same query:

    peer 216.129.110.22 event 'event_reach' (0x84) status 'unreach, conf, 1 event, event_reach' (0x8014)
    poll_update: at 3 216.129.110.22 flags 0001 poll 6 burst 0 last 3 next 69
    clock_filter: n 1 off 0.012866 del 0.064307 dsp 7.937502 jit 0.000000, age 0
    main: scheduled event in 62.934454
    main: elapsed 0.840788
    read_network_packet: fd=21 length 48 from 01010107 10.1.1.7
    receive: at 3 10.1.1.18<-10.1.1.7 flags 19 restrict 000
    receive: at 3 10.1.1.18<-10.1.1.7 mode 3 code 3 auth 0
    sendpkt(fd=21 dst=10.1.1.7, src=10.1.1.18, ttl=0, len=48)
    transmit: at 3 10.1.1.18->10.1.1.7 mode 4
    main: scheduled event in 0.159085
    main: elapsed 0.841887
    read_network_packet: fd=21 length 48 from 01010107 10.1.1.7
    receive: at 3 10.1.1.18<-10.1.1.7 flags 19 restrict 000
    receive: at 3 10.1.1.18<-10.1.1.7 mode 3 code 3 auth 0
    sendpkt(fd=21 dst=10.1.1.7, src=10.1.1.18, ttl=0, len=48)
    transmit: at 3 10.1.1.18->10.1.1.7 mode 4
    main: scheduled event in 0.158029
    main: elapsed 0.842952
    read_network_packet: fd=21 length 48 from 01010107 10.1.1.7
    receive: at 3 10.1.1.18<-10.1.1.7 flags 19 restrict 000
    receive: at 3 10.1.1.18<-10.1.1.7 mode 3 code 3 auth 0
    sendpkt(fd=21 dst=10.1.1.7, src=10.1.1.18, ttl=0, len=48)
    transmit: at 3 10.1.1.18->10.1.1.7 mode 4
    main: scheduled event in 0.156965
    main: elapsed 0.844032
    read_network_packet: fd=21 length 48 from 01010107 10.1.1.7
    receive: at 3 10.1.1.18<-10.1.1.7 flags 19 restrict 000
    receive: at 3 10.1.1.18<-10.1.1.7 mode 3 code 3 auth 0
    sendpkt(fd=21 dst=10.1.1.7, src=10.1.1.18, ttl=0, len=48)
    transmit: at 3 10.1.1.18->10.1.1.7 mode 4
    main: scheduled event in 0.155886
    main: elapsed 1.000168
    loopfilter: 1
    main: scheduled event in 0.999811
    main: elapsed 1.001017
    loopfilter: 1
    main: scheduled event in 60.998953

tcpdump confirms bidirectional traffic during the queries. I am at a loss to understand why this simple thing is not working. I would be appreciative of any suggestions.

-- 
  _+_ From the catapult of            |If anyone objects to any statement I make, I am
_|70|___:)=}- J.D. Baldwin            |quite prepared not only to retract it, but also
 \      /  [email protected]|to deny under oath that I ever made it.-T. Lehrer
***~~~~----------------------------------------------------------------------
_______________________________________________
questions mailing list
[email protected]
http://lists.ntp.org/listinfo/questions
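An added example, not part of the original post: a small Python evaluator for the restrict lines in the ntp.conf quoted above, showing which access flags each source address ends up with. It assumes the most specific matching entry wins and that a plain "default" covers IPv4 only (hence the separate -6 line); the function names and every test address other than 10.1.1.7 are constructed for illustration.

```python
import ipaddress

# restrict lines copied from the ntp.conf in the post above
NTP_CONF = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 10.1.1.0 mask 255.255.255.0
"""

def parse_restrict(conf):
    """Return a list of (network, flags) pairs from ntp.conf restrict lines."""
    rules = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok or tok[0] != "restrict":
            continue
        tok = tok[1:]
        v6 = False
        if tok[0] in ("-4", "-6"):
            v6 = tok[0] == "-6"
            tok = tok[1:]
        addr, tok = tok[0], tok[1:]
        if addr == "default":
            net = ipaddress.ip_network("::/0" if v6 else "0.0.0.0/0")
        elif tok[:1] == ["mask"]:
            net = ipaddress.ip_network(f"{addr}/{tok[1]}")
            tok = tok[2:]
        else:
            net = ipaddress.ip_network(addr)  # bare address = single-host entry
        rules.append((net, frozenset(tok)))
    return rules

def flags_for(rules, source):
    """Flags of the most specific entry covering source (assumed match order)."""
    ip = ipaddress.ip_address(source)
    hits = [(n, f) for n, f in rules if n.version == ip.version and ip in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

if __name__ == "__main__":
    rules = parse_restrict(NTP_CONF)
    # 10.1.1.7 is the querying host from the post; the others are constructed
    for src in ("10.1.1.7", "127.0.0.1", "192.0.2.10", "::1"):
        flags = flags_for(rules, src)
        print(src, "->", " ".join(sorted(flags)) or "(no flags)")
```

For 10.1.1.7 the result is an empty flag set, which is consistent with the "restrict 000" shown in the ntpd -ddd receive lines, while a source outside 10.1.1.0/24 falls through to the default entry with all five flags.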
