Getting NTP (ntpd, ntpdate) to work

[Charles Bacon]

Thanks for the return!  I've discovered my ISP has apparently shut off
port 123 (NTP), and if I do    ntpdate -u ntp.cape.com    I get my
time set!  But ntpq lacks ntpdate's option to use an unprivileged port.
I guess time is come to ask my ISP.  (Shouldn't I have done tha before :-]

Again thanks!
 	Chuck Bacon -- crtb at cape.com
 		ABHOR SECRECY -- DEFEND PRIVACY
PS: Yes, I use netmask 255.255.255.240 (0xfffffff0); a vain hope that
there's a tiny increment of security in it, and a belief in the definitions
of net classes.

On Sun, 18 Jun 2006, Nick Withers wrote:
> On Sat, 17 Jun 2006 21:30:55 -0400 (EDT)
> Charles Bacon <crtb at cape.com> wrote:
>
>> Since FreeBSD 4.5-Release, I have been unable to get NTP working on
>> my two FreeBSD computers, one running 5.3Release and the other on
>> 6.1Release.  I have done nothing with the GENERIC kernel on either
>> machine.  I talk SSH between them, and have been running ntpd on
>> both, each naming the other as well as two external servers.
>>
>> My network is a typical home net, using 192.168.1/28,
>
> You mean /24 (i.e.: 255.255.255.0, Class C), yeah?
>
>> served by a DSL router which does NAT for my external traffic.
>> Internal comms. is through switches, plus one hub.  Each computer
>> (plus some others running Windows) has easy access out, and is
>> invisible from the Internet exceptt for responses.
>>
>> Here's my ntp.conf, identical on my two computers:
>>
>>  	server ntp.cape.com
>>  	server ntp.ourconcord.net
>>  	driftfile /var/db/ntp.drift
>>  	logfile /var/log/ntplog
>>  	pidfile /var/run/ntpd.pid
>>  	logconfig =all
>>  	peer 192.168.1.3
>>  	peer 192.168.1.2		(much comments removed)
>>
>> With mediocre diagnostic skill, I have finally discovered tcpdump.
>> It told me after much experiment, that the relevant port (NTP, 123) was
>> unreachable.  This sounds significant, but I can't find a list of the
>> reachability of ports.
>
> Try netstat(1). "netstat -anp udp" might be of help in
> particular, here.
>
>> I've looked at ng*, mac_* and pf* and finally bpf*, and only the last seems
>> to exist in /dev.
>>
>> I had expected that GENERIC would impose only slight filtering somehow,
>> and certainly not shut off NTP!  I guess I need help.
>
> If you've loaded a firewall such as IPFW in /etc/rc.conf a
> kernel module will be loaded for it, if it's not compiled
> statically into hte kernel already (which it isn't on GENERIC
> for either 5.3-RELEASE or 6.1-RELEASE). "kldstat" will list
> loaded modules (and the IPFW module is ipfw.ko).
>
>> Thanks for any help you can give, and I accept any opprobrium for trying
>> to be a sysadmin, even for my home boxen.
>>
>>  	Chuck Bacon -- crtb at cape.com
>>  		ABHOR SECRECY -- DEFEND PRIVACY
> -- 
> Nick Withers
> email: nick at nickwithers.com
> Web: http://www.nickwithers.com
> Mobile: +61 414 397 446