ntpd jail problem
xorquewasp at googlemail.com
xorquewasp at googlemail.com
Sun Jun 8 12:16:23 UTC 2008
On 20080608 22:10:27, Peter Jeremy wrote:
> On 2008-Jun-08 11:32:54 +0100, xorquewasp at googlemail.com wrote:
> >I'm running an openntpd instance on the host machine, which syncs the
> >clock from the pool at pool.ntp.org. From the log output, ntpd claims to
> >be synced and the time does seem to be correct.
> >
> >I'm then running another openntpd in a jail which doesn't set the time,
> >just serves it to clients.
>
> I've never used openntpd but for the base ntpd, you should be able to
> just use 'server 127.127.1.0' to make it trust (and not alter) the
> base system time. Note that this openntpd will not have access to the
> stratum information from the main ntpd but will have a fixed value and
> may need to be adjusted using a 'fudge' command (or equivalent).
Ok. Right.
> I'd be interested in knowing why you chose this approach rather than
> just syncing clients to the [open]ntpd instance in the host machine.
Just basic paranoia really. Nothing on the host is network-visible, all the
services are in jails.
Thanks for the information.
More information about the freebsd-hackers
mailing list