Time sync with NTP questions

Michael Collette Metrol at Metrol.net
Thu Nov 25 11:40:43 PST 2004


On my network I have a machine in my DMZ I wish to use NTP to 
synchronize to a public server for its time.  I then want to have 
another machine in my private network synchronize time to this box in 
the DMZ.  From there I want to have all my other machines in my private 
network to sync in to it.

Boy I hope that makes sense.  Just in case, a fun filled ASCII diagram

Public NTP Server
         |
     DMZ Server
         |
   Private Server
         |
All the rest of my servers

All my boxes are running 5.3-STABLE.

I have my DMZ box connecting to public NTP servers through my firewall 
now.  That part works great.  Able to ntpdate and run ntpd.

My private server is able to both ntpdate and ntpd to a public server. 
What I can't seem to get going here is to have the private server 
synchronize to the DMZ server with NTP.  Also can't get other machines 
to sync in with what I want to be my primary NTP server on the private 
network.  Heck, I can't seem to get any two FreeBSD boxes to sync with 
each other.

I've also been trying to get this to play with two boxes on the same 
subnet.  I can get one box to sync to another using timed, but I can't 
seem to get ntp to work.  I consistently get...

"no server suitable for synchronization found"

The client side can query what I'd like to be the ntp server with ntpq, 
but ntpdate or ntp -q always fail.  The client IS able to ntpdate to a 
public server.

The server has the following rc.conf flags...

ntpdate_enable="YES"
ntpdate_flags="ntp.ucsd.edu"
ntpd_enable="YES"
ntpd_flags="-A -c /etc/ntp.conf -p /var/run/ntpd.pid -f /etc/ntp/ntpd.drift"


/etc/ntp.conf looks very similar to...

server ntp.somedomain.com
restrict ntp.somedomain.com mask 255.255.255.255 nomodify notrap noquery
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
restrict 127.0.0.1
driftfile /etc/ntp/ntp.drift

There's actually 5 public NTP servers configured in my real ntp.conf and 
they all seem to work.  192.168.1.0 is, of course, where my clients 
would query this server.

So what am I missing here to make a working NTP server for my network??

Thanks,
-- 
"In theory, there is no difference between theory and practice.
In practice, there is."
- Yogi Berra
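
An added example, not part of the original post: a small checker that takes the restrict lines quoted in the message and reports which entry applies to a given client and whether its flags would stop ntpd from answering time requests. It assumes ntpd 4.2 semantics, where "notrust" drops packets that are not cryptographically authenticated; the function names and client addresses are constructed for illustration.

```python
import ipaddress

# Flags that stop ntpd from answering an unauthenticated client time request.
# Assumption: ntpd 4.2 semantics, where "notrust" drops packets that are not
# cryptographically authenticated.
BLOCKING = {"ignore", "noserve", "notrust"}

# The /etc/ntp.conf lines quoted in the post.
POSTED_CONF = """\
server ntp.somedomain.com
restrict ntp.somedomain.com mask 255.255.255.255 nomodify notrap noquery
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
restrict 127.0.0.1
driftfile /etc/ntp/ntp.drift
"""

def parse_restricts(conf):
    """Return [(network, flags)] for restrict lines with literal IPv4 addresses."""
    entries = []
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) < 2 or words[0] != "restrict":
            continue
        addr, rest = words[1], words[2:]
        mask = "255.255.255.255"  # ntpd's default mask is a single host
        if addr == "default":
            addr, mask = "0.0.0.0", "0.0.0.0"
        if rest[:1] == ["mask"] and len(rest) >= 2:
            mask, rest = rest[1], rest[2:]
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            continue  # hostname entry: cannot be resolved offline, skipped
        entries.append((net, set(rest)))
    return entries

def client_verdict(conf, client_ip):
    """The most specific matching restrict entry decides, as in ntpd."""
    ip = ipaddress.ip_address(client_ip)
    matches = [e for e in parse_restricts(conf) if ip in e[0]]
    if not matches:
        return ("served", set())  # no entry matched: no restrictions apply
    _net, flags = max(matches, key=lambda e: e[0].prefixlen)
    blocking = flags & BLOCKING
    return ("dropped" if blocking else "served", blocking)

if __name__ == "__main__":
    for ip in ("192.168.1.20", "127.0.0.1"):  # constructed client addresses
        print(ip, client_verdict(POSTED_CONF, ip))
```

Keeping nomodify and notrap on the client subnet still blocks remote reconfiguration and trap registration while allowing time service.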

