I think I may have some kind of network issue but I couldn't figure out
where it is.
I did tcpdump on me test(CentOS7) and ovpn(CentOS6, ntpd sever working
fine):
On the new installed CentOS7, it does send out NTP request:
[root@ovpn ~]# sudo tcpdump -nvv -i eth0 port ntp
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size
65535 bytes
11:14:45.163056 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto
UDP (17), length 76)
192.168.123.30.ntp > 192.168.123.255.ntp: [udp sum ok] NTPv4, length 48
Broadcast, Leap indicator: +1s (64), Stratum 3 (secondary
reference), poll 6s, precision -20
Root Delay: 0.064926, Root dispersion: 0.040405, Reference-ID:
24.84.16.83
Reference Timestamp: 3647009532.185647711 (2015/07/27 11:12:12)
Originator Timestamp: 0.000000000
Receive Timestamp: 0.000000000
Transmit Timestamp: 3647009685.150639981 (2015/07/27 11:14:45)
Originator - Receive Timestamp: 0.000000000
Originator - Transmit Timestamp: 3647009685.150639981
(2015/07/27 11:14:45)
11:15:49.162812 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto
UDP (17), length 76)
192.168.123.30.ntp > 192.168.123.255.ntp: [udp sum ok] NTPv4, length 48
Broadcast, Leap indicator: +1s (64), Stratum 3 (secondary
reference), poll 6s, precision -20
Root Delay: 0.064926, Root dispersion: 0.041366, Reference-ID:
24.84.16.83
Reference Timestamp: 3647009532.185647711 (2015/07/27 11:12:12)
Originator Timestamp: 0.000000000
Receive Timestamp: 0.000000000
Transmit Timestamp: 3647009749.150629937 (2015/07/27 11:15:49)
Originator - Receive Timestamp: 0.000000000
Originator - Transmit Timestamp: 3647009749.150629937
(2015/07/27 11:15:49)
BUT on the CentOS6 ovpn side, nothing arrived from that test host!
Another BUT, at another CentOS6, the ntp works fine with the same local
server(ovpn):
[root@vlamp ~]# ntpq -p
remote refid st t when poll reach delay offset
jitter
==================================================
-ovpn.sjv.lan 199.182.221.110 3 u 105 1024 377 0.159 3.735 0.648
+ns507230.ip-192 200.98.196.212 2 u 194 1024 377 99.833 1.483 10.273
*192.95.27.155 200.98.196.212 2 u 885 1024 377 101.236 -4.098 1.650
-fromtheouter.sp 213.251.128.249 2 u 1059 1024 377 82.356 12.651 1.773
+bitdonut.co 18.26.4.105 2 u 229 1024 377 98.643 1.859 11.815
My office network is very simple. One subnet with bunch of switches, one
router (SonicWall) connect to the internet. If use "ping" to test it
shows all fine. So what is passable to block/drop the udp packet on port
123???
Gao
On 15-07-27 09:52 AM, Wang, Yu wrote:
I know you mentioned that selinux was disabled. Just to verify, could you run
'getenforce'?
Also could you use nmap to scan udp port from your test server and vice versa:
'nmap -sU -p U:123 -v 192.168.123.46'
You can also do tcpdump on both sides and analyze dumps.
Yu
-----Original Message-----
From: questions [mailto:questions-bounces+ywang10=fsu....@lists.ntp.org] On
Behalf Of Gao
Sent: Monday, July 27, 2015 12:05 PM
To: MAYER Hans; 'questions@lists.ntp.org'
Subject: Re: [ntp:questions] Need help on NTP client
Thanks Han for the help. But when I put the line in the config file it generate
error:
Jul 27 08:54:59 test ntpd[12497]: getaddrinfo: "source" invalid host address,
ignored
I remove the argument "source" the error is gone but ntpd still not working
properly.
Gao
On 15-07-27 02:43 AM, MAYER Hans wrote:
Hi Gao,
Could you fix the issue in the meantime ?
What I am missing is a line like this:
restrict source nomodify nopeer notrap
// Hans
-----Original Message-----
From: questions
[mailto:questions-bounces+mayer=iiasa.ac...@lists.ntp.org] On Behalf
Of Gao
Sent: Wednesday, July 22, 2015 7:29 PM
To: questions@lists.ntp.org
Subject: [ntp:questions] Need help on NTP client
Hello list,
I have a local NTP server setup in my office LAN. It is a CentOS6 VM. On the
server ntpd works fine. Now I build a new CentOS7 server and it can't sync with
any of the NTP server, including my local server.
Here is my local NTP server(ovpn.sjv.lan, IP:192.168.123.46):
[root@ovpn ~]# ntpq -p
remote refid st t when poll reach delay offset
jitter
======================================================================
========
+ntp1.torix.ca .PPS. 1 u 53 1024 377 68.759 -0.453 11.657
*ntp2.torix.ca .PPS. 1 u 699 1024 377 72.491 3.638 0.412
+69.28.67.44 18.26.4.105 2 u 101 1024 357 64.888 -1.005 2.151
-euro-shared.oln 142.3.100.2 2 u 621 1024 377 100.648 15.585 11.371
LOCAL(0) .LOCL. 10 l 18h 64 0 0.000 0.000 0.000
[root@ovpn ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:123
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:123
###############################################
Now the new installed CentOS7(test.sjv.lan):
firewalld and SELinux has been disabled.
[root@test log]# ntpq -p
remote refid st t when poll reach delay offset
jitter
==============================================================================
ovpn.sjv.lan .INIT. 16 u - 64 0 0.000 0.000 0.000
kirdu.smartacti .INIT. 16 u - 64 0 0.000 0.000 0.000
ntp3.torix.ca .INIT. 16 u - 64 0 0.000 0.000 0.000
euro-shared.oln .INIT. 16 u - 64 0 0.000 0.000 0.000
bitdonut.co .INIT. 16 u - 64 0 0.000 0.000 0.000
[root@test log]# cat /etc/ntp.conf | egrep -v "(^#.*)"
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
server ovpn.sjv.lan iburst
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
[root@test log]# ntpdate -q ovpn.sjv.lan server 192.168.123.46,
stratum 2, offset -5.304602, delay 0.02580
22 Jul 10:24:37 ntpdate[12081]: step time server 192.168.123.46 offset
-5.304602 sec
################################################
I don't know what to do. I tried to turn off firewall on both nodes. The "ntpq
-p" just wont show me any sign of reach the servers, both local and public.
Please help.
Gao
--
_______________________________________________
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
