ntpd fails to synchronize on FreeBSD 6.3-STABLE

Pongthep Kulkrisada ptkrisada at gmail.com
Fri Feb 29 18:44:51 UTC 2008 

Firstly, thank all of you for supporting me!
But please note that I shall install FreeBSD 7.0-RELEASE this weekend.
So I can no longer give you more information regarding 6.3-STABLE.

Secondly I'm sorry for confusing you (NAT: I mean the machine ``behind NAT.'')
> > 1. FreeBSD 5.4-RELEASE(dial up)    - can sync all servers
> > 2. FreeBSD 6.2-RELEASE(dial up)    - can sync all servers
> > 3. FreeBSD 6.2-RELEASE(behind NAT) - can sync IPv6 servers
> > 4. FreeBSD 6.3-STABLE (behind NAT) - not sync at all

The followings are my answers to all your questions.
Answers to Jeremy Chadwick...

> Okay, so this really sounds like something that changed between 6.2 and
> 6.3.  I don't know what kind of NAT you're using; I believe FreeBSD
> offers a couple different methods.
> More information is required...
> 1) What NAT method are you using (ipfw, ipnat, etc.)
As said earlier I'm not running FreeBSD 6.3 as a router or gateway.
My NAT is very simple. It is stationed at home. A ``Conexant'' router and 2 computers running Windows XP and FreeBSD 6.3-STABLE. Connection is made with CAT5e cables.

> 2) What does your network topology look like (draw a diagram, referring
>    to each NIC/ethernet device, IPs, and so on)
I'm sorry, I'm not familiar with any kinds of GUI.
                            ISP
                             |
                             |    dynamic IP
                      Conexant router (firewall diabled)
                             |    192.168.1.1
                            / \
                          /     \
                        /         \
static IP 192.168.1.10/             \ static IP 192.168.1.11
               FreeBSD-6.3        Windows XP
running gw6 client for IPv6
running ipfw

> 3) Please post your NAT rules
No NAT rules as per my configuration above. Or I misunderstood something!

> 4) Have you checked /usr/src/UPDATING for relevant changes?
Yes of course as said in my previous post.
But nothing is relevant to ntpd from 6.2 to 6.3.

> Then I'm not sure why you're using NAT on the box at all?
I'm not using NAT on the box. I mean machine behind NAT, sorry.

Answers to Peter Jeremy

> If you are expecting to connect via IPv6 then the first issue you need
> to address is why your ntpd is failing to generate any IPv6 packets.
> Have you changed your rc.conf, ntpd.conf, hosts, nsswitch.conf or
> resolv.conf since you upgraded?
Since last mergemaster I only added ntpdate_enable and ntpdate_flags to /etc.rc.conf and removing driftfile from /etc/ntp.conf following suggestion from Jeremy Chadwick. Nothing else.
% grep ntpdate /etc/rc.conf
ntpdate_enable="YES"
ntpdate_flags="-b time.navy.mi.th asia.pool.ntp.org ntp.nict.jp"

> Do you have IP addresses or hostnames in your ntp.conf?
% cat /etc/ntp.conf
server time.navy.mi.th prefer
server asia.pool.ntp.org
server ntp.nict.jp

> If you have hostnames, can you do an AAAA lookup on them and get back
> the correct addresses?
I don't know which option for nslookup to resolve AAAA record.
I tried it, only IPv4 address is presented.
So I use ping6 instead.
Note that only the last one, ntp.nict.jp, has AAAA record.
% ping6 -c 5 ntp.nict.jp

PING6(56=40+8+8 bytes) 2001:5c0:8fff:fffe::42ad --> 2001:2f8:29:100::fff3
16 bytes from 2001:2f8:29:100::fff3, icmp_seq=0 hlim=30 time=552.329 ms
16 bytes from 2001:2f8:29:100::fff3, icmp_seq=1 hlim=31 time=549.556 ms
16 bytes from 2001:2f8:29:100::fff3, icmp_seq=2 hlim=31 time=593.890 ms
16 bytes from 2001:2f8:29:100::fff3, icmp_seq=3 hlim=30 time=616.043 ms
16 bytes from 2001:2f8:29:100::fff3, icmp_seq=4 hlim=31 time=610.353 ms

--- ntp.nict.jp ping6 statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 549.556/584.434/616.043/28.311 ms

> If you built your own world, are you sure a NOINET6 hasn't snuck in
> somewhere?
I'm not quite sure, I just simply follow the procedure in handbook as per my previous post. But I CAN ping6 any IPv6 hosts. Therefore I don't think so.

Answers to Clifton Royston

>   What the first 3 items in your list suggest, totally independent of
> any questions involving 6.3 vs. 6.2, is that you don't have a NAT/LAN
> configuration which works correctly with NTP on IPv4.
Yes you are right.

>   Do any other UDP services work with NAT on IPv4, under either 6.2,
> 6.3, or 5.4?
Yes I ran many UDP clients/servers.
Mostly I coded C on my own.
All work without any problems.

>   If you want to confirm this is the problem, try running 6.3-STABLE on
> the same dialup connection that worked for 5.4 and 6.2.  My prediction
> is that NTP will work via your dialup connection. 
Yes ntp works with both IPv4 and IPv6 on dial up.
root at bsdhost:~#	ntpdc -c peers
     remote           local      st poll reach  delay   offset    disp
=======================================================================
*122.154.11.67   118.174.95.234   1  128    7 0.17996 -14.62198 1.93799
=www.hypercore.c 118.174.95.234   3  128    7 0.31084 -14.61814 1.93852
=ntp-b2.nict.go. ::               1  128    7 0.37003 -14.67507 1.93871

>   If that is case, your problem is that your NAT implementation is
> broken or incomplete, or your NAT configuration also incorporates a
> firewall blocking NTP.  (Note also that if you connect through dial-up,
> naturally you're not going through any firewall present on the LAN, so
> a firewall could well be the problem.)
Probably, but there is still divergence between 6.2-RELEASE and 6.3-STABLE.

Thanks,
Pongthep

More information about the freebsd-stable mailing list