NTP issues with 5.4

Rob spamrefuse at yahoo.com
Thu May 12 07:52:12 PDT 2005


Michal Mertl wrote:
> I have been doing upgrades from source for ages and
> never had a problem. It is a documented process and
> I only upgraded some of the computers from 5.3 to
> 5.4, e.g. not across major versions.

I'm running 5-Stable, and each time I restart my
router/gateway/server (also ntpd server), I have
trouble getting the ntpd server to operate properly.

I still haven't figured out what's going wrong.
Somehow ntpd can't access the external servers;
during that time it will also refuse to be the
server to my local network (so also the PCs on
my local network are in ntpd trouble).

After some time (hours or days) it seems to work
suddenly, like magic.

No, no, it's not that time is off too much. All PCs
involved here are running approximately the correct
time; at most 10 seconds off.

However, I noticed something strange this week:

I again had rebooted my router/server and the ntpd
was 'out-of-order', as usual. I ran tcpdump on the
external internet interface to monitor the activity
on port 123, and I noticed something strange.
My ntpd server was initializing itself by sending
out udp requests not from port 123, but from a high
port number, like this for example:

   my.gate.way:5045 > ext.ntp.server:123
   ext.ntp.server:123 > my.gate.way:5045

So my server was sending udp requests from the
high port number to the ntp server on port 123.
The ntp server then answered the udp request from
port 123 to the high number port on my server.

Because my firewall allows ntp/udp communication
only via port 123, this communication was blocked.
I guess this was causing my ntpd server to hang
kind of indefinitely.

When I opened up my firewall, the ntpd server
suddenly made contact and all was fine.

A little later, I ran the same tcpdump again, and
found out that now both, my gateway/server and the
external ntp server, were communicating via port 123.

So I switched my firewall on again, and ntpd was
still very happy, because now the ntp/udp
communication went all via port 123.

Once ntpd was running for some time on the gateway,
it suddenly started to function as a server to my
local network; there is some delay here as if the
ntpd server on my gateway has to stabilize some
time first.

Any comments to this?

My gateway is a production server, so I can't do too
many experiments with rebooting the system ;(.

Regards,
Rob.
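
The port mismatch described in this message, as an added example that is not part of the original post: a Python sketch that runs the two kinds of exchange seen in the tcpdump output through a strict "both ports must be 123" filter and through a filter that remembers outbound queries. The two rule models, the function names and the extra sample lines are constructed for illustration and are not any particular firewall's syntax.

```python
import re

NTP = 123
# Constructed sample in the simplified "src:port > dst:port" form used in the post.
SAMPLE = """\
my.gate.way:5045 > ext.ntp.server:123
ext.ntp.server:123 > my.gate.way:5045
my.gate.way:123 > ext.ntp.server:123
ext.ntp.server:123 > my.gate.way:123
"""
FLOW = re.compile(r"^\s*(\S+):(\d+)\s*>\s*(\S+):(\d+)\s*$")

def parse(text):
    """Yield (src, sport, dst, dport) for every line matching the flow pattern."""
    for line in text.splitlines():
        m = FLOW.match(line)
        if m:
            yield m.group(1), int(m.group(2)), m.group(3), int(m.group(4))

def evaluate(text, local):
    """Return [(flow, strict_verdict, tracked_verdict)] for each parsed line.

    strict  : stateless rule, pass only when both ports are 123.
    tracked : pass any outbound query to port 123, remember it, and pass an
              inbound packet only if it mirrors a remembered query.
    """
    state = set()  # (local_port, remote_host) pairs with a query sent
    results = []
    for src, sport, dst, dport in parse(text):
        strict = sport == NTP and dport == NTP
        if src == local and dport == NTP:
            state.add((sport, dst))
            tracked = True
        else:
            tracked = dst == local and sport == NTP and (dport, src) in state
        results.append(((src, sport, dst, dport), strict, tracked))
    return results

def blocked_by_strict_only(text, local):
    """Flows the strict rule drops although they belong to a local query."""
    return [f for f, strict, tracked in evaluate(text, local) if tracked and not strict]

if __name__ == "__main__":
    for flow, strict, tracked in evaluate(SAMPLE, "my.gate.way"):
        print("%s:%d > %s:%d" % flow, "strict=%s tracked=%s" % (strict, tracked))
```

Only the exchange using local port 5045 is dropped by the strict rule, while an inbound packet from port 123 that matches no earlier query is dropped by both.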
