NTP issues with 5.4

Michal Mertl mime at traveller.cz
Thu May 12 11:20:29 PDT 2005


Rob wrote on Thu, 12 May 2005 at 07:47 -0700:
> Michal Mertl wrote:
> > I have been doing upgrades from source for ages and
> > never had a problem. It is a documented process and
> > I only upgraded some of the computers from 5.3 to
> > 5.4, i.e. not across major versions.
> 
> I'm running 5-Stable, and each time I restart my
> router/gateway/server (also ntpd server), I have
> trouble getting the ntpd server to operate properly.
> 
> I still haven't figured out what's going wrong.
> Somehow ntpd can't access the external servers;
> during that time it will also refuse to be the
> server to my local network (so also the PCs on
> my local network are in ntpd trouble).
> 
> After some time (hours or days) it seems to work
> suddenly, like magic.
> 
> No, no, it's not that time is off too much. All PCs
> involved here are running approximately the correct
> time; at most 10 seconds off.
> 
> However, I noticed something strange this week:
> 
> I again had rebooted my router/server and the ntpd
> was 'out-of-order', as usual. I ran tcpdump on the
> external internet interface to monitor the activity
> on port 123, and I noticed something strange.
> My ntpd server was initializing itself by sending
> out udp requests not from port 123, but from a high
> port number, like this for example:
> 
>    my.gate.way:5045 > ext.ntp.server:123
>    ext.ntp.server:123 > my.gate.way:5045
> 
> So my server was sending udp requests from the
> high port number to the ntp server on port 123.
> The ntp server then answered the udp request from
> port 123 to the high number port on my server.
> 
> Because my firewall allows ntp/udp communication
> only via port 123, this communication was blocked.
> I guess this was causing my ntpd server to hang
> kind of indefinitely.
> 
> When I opened up my firewall, the ntpd server
> suddenly made contact and all was fine.
> 
> A little later, I ran the same tcpdump again, and
> found out that now both, my gateway/server and the
> external ntp server, were communicating via port 123.
> 
> So I switched my firewall on again, and ntpd was
> still very happy, because now the ntp/udp
> communication went all via port 123.

Hm. This is not my case. I've got firewalls configured too, but they
allow this kind of traffic too. And I don't have them on all the
computers where I experience the problems either.

> Once ntpd was running for some time on the gateway,
> it suddenly started to function as a server to my
> local network; there is some delay here as if the
> ntpd server on my gateway has to stabilize some
> time first.
> 
> Any comments on this?

Some time is always needed before the NTPD server responds to client queries
AFAIK. I've just tried restarting the daemon and have been checking when
it starts answering. It took about 5 minutes. When you issue the sysinfo
command from ntpdc you should see system peer set to something other
than 0.0.0.0.

> My gateway is a production server, so I can't do too
> many experiments with rebooting the system ;(.
> 
> Regards,
> Rob.
> 
> 
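
Added example, not part of the original message or of any FreeBSD code: a small Python model of the port behaviour Rob describes, comparing a stateless "both ports must be 123" filter with a stateful rule that lets replies to outbound NTP queries back in. The trace is constructed from the two tcpdump lines quoted above; `other.host` and the filter functions are assumptions for illustration, and state timeouts are not modelled.

```python
from typing import NamedTuple

LOCAL = "my.gate.way"   # gateway name as written in the quoted tcpdump lines
NTP_PORT = 123

class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

def parse(line: str) -> Pkt:
    """Parse 'host:port > host:port', the abbreviated form used in the post."""
    left, right = (side.strip() for side in line.split(">"))
    src, sport = left.rsplit(":", 1)
    dst, dport = right.rsplit(":", 1)
    return Pkt(src, int(sport), dst, int(dport))

def symmetric_filter(trace):
    """Stateless rule from the post: pass UDP only when both ports are 123."""
    return [p.sport == NTP_PORT and p.dport == NTP_PORT for p in trace]

def stateful_filter(trace):
    """Pass outbound queries to port 123 from any source port and remember
    the flow; pass inbound packets only if they answer a remembered flow."""
    flows = set()
    verdicts = []
    for p in trace:
        if p.src == LOCAL:                          # outbound query
            ok = p.dport == NTP_PORT
            if ok:
                flows.add((p.sport, p.dst, p.dport))
        else:                                       # inbound packet
            ok = (p.dport, p.src, p.sport) in flows
        verdicts.append(ok)
    return verdicts

# Constructed trace: the first two lines are the exchange quoted in the post,
# the next two the later 123 <-> 123 exchange, the last an unsolicited packet.
TRACE = [parse(line) for line in (
    "my.gate.way:5045 > ext.ntp.server:123",
    "ext.ntp.server:123 > my.gate.way:5045",
    "my.gate.way:123 > ext.ntp.server:123",
    "ext.ntp.server:123 > my.gate.way:123",
    "other.host:123 > my.gate.way:5045",
)]

if __name__ == "__main__":
    rows = zip(TRACE, symmetric_filter(TRACE), stateful_filter(TRACE))
    for p, sym, st in rows:
        print(f"{p.src}:{p.sport} > {p.dst}:{p.dport}  "
              f"symmetric={'pass' if sym else 'drop'}  "
              f"stateful={'pass' if st else 'drop'}")
```

The symmetric filter drops the high-port exchange in both directions, which matches the blocked start-up traffic in the post; the stateful rule passes it while still dropping the unsolicited packet.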


