Getting NTP (ntpd, ntpdate) to work
Charles Bacon
crtb at cape.com
Sun Jul 2 22:03:28 UTC 2006
Thanks for the return! I've discovered my ISP has apparently shut off
port 123 (NTP), and if I do ntpdate -u ntp.cape.com I get my
time set! But ntpq lacks ntpdate's option to use an unprivileged port.
I guess time is come to ask my ISP. (Shouldn't I have done tha before :-]
Again thanks!
Chuck Bacon -- crtb at cape.com
ABHOR SECRECY -- DEFEND PRIVACY
PS: Yes, I use netmask 255.255.255.240 (0xfffffff0); a vain hope that
there's a tiny increment of security in it, and a belief in the definitions
of net classes.
On Sun, 18 Jun 2006, Nick Withers wrote:
> On Sat, 17 Jun 2006 21:30:55 -0400 (EDT)
> Charles Bacon <crtb at cape.com> wrote:
>
>> Since FreeBSD 4.5-Release, I have been unable to get NTP working on
>> my two FreeBSD computers, one running 5.3Release and the other on
>> 6.1Release. I have done nothing with the GENERIC kernel on either
>> machine. I talk SSH between them, and have been running ntpd on
>> both, each naming the other as well as two external servers.
>>
>> My network is a typical home net, using 192.168.1/28,
>
> You mean /24 (i.e.: 255.255.255.0, Class C), yeah?
>
>> served by a DSL router which does NAT for my external traffic.
>> Internal comms. is through switches, plus one hub. Each computer
>> (plus some others running Windows) has easy access out, and is
>> invisible from the Internet exceptt for responses.
>>
>> Here's my ntp.conf, identical on my two computers:
>>
>> server ntp.cape.com
>> server ntp.ourconcord.net
>> driftfile /var/db/ntp.drift
>> logfile /var/log/ntplog
>> pidfile /var/run/ntpd.pid
>> logconfig =all
>> peer 192.168.1.3
>> peer 192.168.1.2 (much comments removed)
>>
>> With mediocre diagnostic skill, I have finally discovered tcpdump.
>> It told me after much experiment, that the relevant port (NTP, 123) was
>> unreachable. This sounds significant, but I can't find a list of the
>> reachability of ports.
>
> Try netstat(1). "netstat -anp udp" might be of help in
> particular, here.
>
>> I've looked at ng*, mac_* and pf* and finally bpf*, and only the last seems
>> to exist in /dev.
>>
>> I had expected that GENERIC would impose only slight filtering somehow,
>> and certainly not shut off NTP! I guess I need help.
>
> If you've loaded a firewall such as IPFW in /etc/rc.conf a
> kernel module will be loaded for it, if it's not compiled
> statically into hte kernel already (which it isn't on GENERIC
> for either 5.3-RELEASE or 6.1-RELEASE). "kldstat" will list
> loaded modules (and the IPFW module is ipfw.ko).
>
>> Thanks for any help you can give, and I accept any opprobrium for trying
>> to be a sysadmin, even for my home boxen.
>>
>> Chuck Bacon -- crtb at cape.com
>> ABHOR SECRECY -- DEFEND PRIVACY
> --
> Nick Withers
> email: nick at nickwithers.com
> Web: http://www.nickwithers.com
> Mobile: +61 414 397 446
More information about the freebsd-questions
mailing list