ocated in the folder specified as
conf.d in chrony.conf.
One question remained - how to bind client instances to the exact wan
interface, not to 0.0.0.0 ?
Tue, 12 Dec 2023 at 16:26, Miroslav Lichvar:
> On Tue, Dec 12, 2023 at 04:07:23PM +0300, CpServiceSPb wrote:
> > Let's c
023 at 03:49:10PM +0300, CpServiceSPb wrote:
> > I will check about unexpected chrony instances.
> > I use Ubuntu 22.04 LTS x64.
> >
> > Should I use the config you posted above and multi script or config and
> > chrony -d ?
>
> Don't use the script. It cannot set
I will check about unexpected chrony instances.
I use Ubuntu 22.04 LTS x64.
Should I use the config you posted above and multi script or config and
chrony -d ?
Tue, 12 Dec 2023 at 15:23, Miroslav Lichvar:
> On Mon, Dec 11, 2023 at 06:04:18PM +0300, CpServiceSPb wrote:
> > Wh
like:
udp0 lanIP:123 0.0.0.0:*
136025/chronyd
udp0 dmzIP:123 0.0.0.0:*
136024/chronyd
udp0 0 127.0.0.1:11123 0.0.0.0:*
136026/chronyd
Or am I wrong ?
Mon, 11 Dec 2023 at 18:04, CpServiceSPb:
> Which po
Which ports will be listened to, 123 ?
I mean by server from clients in ln/dmz ?
Mon, 11 Dec 2023 at 17:26, Miroslav Lichvar:
> On Mon, Dec 11, 2023 at 05:08:32PM +0300, CpServiceSPb wrote:
> > Would you be so kind to post 2 config files for 2 different interfaces,
> for
Would you be so kind to post 2 config files for 2 different interfaces, for
example:
lan = 192.168.0.254/99
dmz = 172.17.0.254/99
and multiple launching script.
Mon, 11 Dec 2023 at 17:05, Miroslav Lichvar:
> On Thu, Dec 07, 2023 at 12:33:57AM +0300, CpServiceSPb wrote:
> > I rea
I use chronyd version 4.3 on Ubuntu 22.04 x64 LTS.
Thu, 7 Dec 2023 at 00:33, CpServiceSPb:
> I really don't understand how to specify the interface address for each
> instance.
> Here are my config files:
> *conf.d/lan.conf*
> server lanIP port 11123 minpoll 0 maxpoll
0 0.0.0.0:123 0.0.0.0:*
35121/chronyd
udp0 0 0.0.0.0:123 0.0.0.0:*
35121/chronyd
How chrony will know addresses to bind to ?
Wed, 6 Dec 2023 at 11:25, Miroslav Lichvar:
> On Wed, Dec 06, 2023 at 12:28:01AM +0300, CpServiceSPb wrote:
> >
.
But in this case chronyd hangs up during starting.
Wed, 6 Dec 2023 at 00:48, CpServiceSPb:
> I set up _chrony user and _chrony group for /var/run/chrony1 and even set
> up 755 permission to the folder.
> Here is my one config at: /etc/chrony/conf.d/lan.conf
> At the time only one fi
is wrong ?
Wed, 6 Dec 2023 at 00:28, CpServiceSPb:
> Can you either post a link or detailed instruction on how to launch
> multiple chrony server instances for the same port but different
> interfaces/addresses ?
>
> Mon, 4 Dec 2023 at 18:25, Miroslav Lichvar:
>
>> On
Can you either post a link or detailed instruction on how to launch
multiple chrony server instances for the same port but different
interfaces/addresses ?
Mon, 4 Dec 2023 at 18:25, Miroslav Lichvar:
> On Thu, Nov 30, 2023 at 11:04:37PM +0300, CpServiceSPb wrote:
> > But there is
at 23:06, CpServiceSPb:
> I couldn't launch multiple instances of chrony.
>
> I added lan.conf to the conf.d folder additionally to the main config file:
> server lan_IP port 123 minpoll 0 maxpoll 0 copy
> allow
> cmdport 123
> bindcmdaddress /var/run/cc/chronyd-server1.so
. 2023 at 17:46, CpServiceSPb:
> Adding this way of packet handling will bring a huge competition advantage
> for chrony.
> I think.
>
> Here is some info about netlink practical usage, in Russian, but you can
> read it via Google translator.
>
> Anyway, thanks in advance.
05, 2023 at 04:33:11PM +0300, CpServiceSPb wrote:
> > > That would make more sense for security. However, it's not a simple
> thing
> > > to implement as peer associations use the server sockets too, so there
> > > would need to be some code selecting the right sock
5, 2023 at 03:44:35PM +0300, CpServiceSPb wrote:
> > Due to Weak ES mode in Linux OSes, please remake a test but change a
> little
> > bit test conditions:
> > When aiming for Strong ES Model in Linux, you'll first need these sysctl
> > settings:
> > net.ipv4.conf.all
. 2023 at 15:31, CpServiceSPb:
> Maybe did multiple binddevice instead for the specified purpose ?
>
> Tue, 5 Sep 2023 at 15:17, CpServiceSPb:
>
>> I don't understand how packets are thrown between interfaces with IP
>> forwarding off.
>> Maybe nevertheless there i
Maybe did multiple binddevice instead for the specified purpose ?
Tue, 5 Sep 2023 at 15:17, CpServiceSPb:
> I don't understand how packets are thrown between interfaces with IP
> forwarding off.
> Maybe nevertheless there is 0.0.0.0 binding.
>
>
> Tue, 5 Sep 2023 at 1
I don't understand how packets are thrown between interfaces with IP
forwarding off.
Maybe nevertheless there is 0.0.0.0 binding.
Tue, 5 Sep 2023 at 15:10, CpServiceSPb:
> As you added the functionality, can you send this version ?
> I will test as well on my own.
>
>
> Tue,
As you added the functionality, can you send this version ?
I will test as well on my own.
Tue, 5 Sep 2023 at 13:54, Miroslav Lichvar:
> On Thu, Aug 31, 2023 at 12:06:35AM +0300, CpServiceSPb wrote:
> > I may be wrong but as I understand that binding to an address is almost
>
Hi.
Any new information regarding adding functionality specified by the topic ?
Thu, 31 Aug 2023 at 00:06, CpServiceSPb:
> Each opened (listening) socket in the system is a potential vulnerability.
>
> I may be wrong but as I understand that binding to an address is almost
happens on the lan interface when some client from dmz sends a request
to dmz interface.
That is, will any packets come to the lan interface or not.
Wed, 30 Aug 2023 at 13:29, Miroslav Lichvar:
> On Wed, Aug 30, 2023 at 12:49:34PM +0300, CpServiceSPb wrote:
> > > Why is
a good use case for it.
I liked Chrony and will use it instead of NTPd on 3 of 5 interfaces of the
server.
One thing that stopped me from using Chrony on a real server is lack of
multiple bindings.
Wed, 30 Aug 2023 at 11:40, Miroslav Lichvar:
> On Wed, Aug 30, 2023 at 10:19:56AM +0300,
There are some multihomed computers which have several network interfaces,
for example lan, wifi1, wifi2, dmz, wan.
At the time chrony is bound either to the 0.0.0.0 address, which means
"listen on every available network interface", or only once specified
interface/address by "bind..."
23 matches