NTPD in jail

dweimer dweimer at dweimer.net
Tue Apr 7 14:23:22 UTC 2015

I understand that a jail can't update the server's time, but I recently 
migrated a physical FreeBSD machine into a FreeBSD jail. That machine 
was one of the 3 machines that I ran NTPD on to sync to internet time 
servers, and pointed my internal machines at. I have configured the host 
to sync to the internet time servers. And set up the jail to only have 
the fake fudge server, figuring that the host ntpd process 
would keep the server synced and this would allow the internal clients 
to sync to it without having to change them all to point at the host's IP 
address instead.
I have both processes limited to the correct external IPs to avoid port 
conflicts, however the jail's NTPD service periodically fails, the only 
log entries I see are the "Apr  7 09:01:27 proxy1 ntpd[48446]: 
local_clock: ntp_loopfilter.c line 709: ntp_adjtime: Operation not 
permitted" but at some point it's no longer running to answer queries.

I plan to add DNS CNAMEs for NTP1, NTP2, NTP3 to reference the NTP 
servers from the clients and update the CNAMEs if hosts change in the 

In the short term to make sure clients don't lose their time sync does 
anyone have a workaround that will allow NTPD to run on the jail?

    Dean E. Weimer

More information about the freebsd-questions mailing list