Ntp Client
Bruce McDonald
brucemcdonal at mindspring.com
Fri Feb 20 07:13:30 UTC 2004
Hello Rick
On 19-Feb-04, you wrote:
> Bruce McDonald wrote:
>> <Big Snip>
>>
>> Rick's imparted knowledge:
>>
>>
>>> Ok, let's try something simple. Try:
>>
>>
>>> tcpdump port 123
>>
>>
>>>> in one window, then stop and restart xntpd. Verify that you actually
>>>> see traffic. If not, you might try turning off iptables and trying
>>>> again. If it works the second time, look higher up in your iptables
>>>> to see if you have a block before your "--dport 123 -j ACCEPT" lines.
>>
>>
>>> Due to the way PPPoE works with DSL, I needed to type tcpdump -i PPP0
>>> port 123
>>
>>
>>> Thanks Rick, you once again caused me to think in the right direction to
>>> find where a problem lies.
>>
>>
>>> Now I can see traffic. And the clock is correct, so I guess I will let
>>> it run and see if it drifts by a significant amount in the next couple
>>> of days. Interestingly, the drift file says 0.00; I find that hard to
>>> believe. I think I'll have to delete it and restart ntpd to recalculate
>>> the drift.
>> Whoops, I forgot to give any of the tcpdump info. Here is a snippet:
>> 15:58:17.313929 my.assigned.ip.ntp > 204.34.198.40.ntp: v4 client strat 0
>> poll 4 prec -6 (DF)
>> 15:58:17.372567 204.34.198.40.ntp > my.assigned.ip.ntp: v4 server strat 1
>> poll 4 prec -19 (DF)
>> 15:58:18.313660 my.assigned.ip.ntp > 204.34.198.40.ntp: v4 client strat 0
>> poll 4 prec -6 (DF)
>> 15:58:18.371575 204.34.198.40.ntp > my.assigned.ip.ntp: v4 server strat 1
>> poll 4 prec -19 (DF)
>> 15:58:30.413835 my.assigned.ip.ntp > 63.247.194.250.ntp: v4 client strat
>> 0 poll 6 prec -16 (DF) [tos 0x10]
>> 15:58:30.477898 63.247.194.250.ntp > my.assigned.ip.ntp: v4 server strat 2
>> poll 6 prec -17 (DF)
>> Also, when I restarted ntpd it read:
>> Shutting down ntpd: [ OK ]
>> ntpd: Synchronizing with time server: [FAILED]
>> Starting ntpd: [ OK ]
>> I hope the failed is not an evil omen.
> Uh, I don't think so. The standard RH9 ntpd stop/start script buggers
> the firewall if it was configured by Lokkit before it shuts down the
> ntpd server. So, since ntpd tries to sync the clock one last time
> before it goes bye-bye, the hole in the firewall gets closed before it
> can and voila! Error message!
I think I banished the Lokkit rules, or at least supplanted them. I forget
since I did that so long ago now. Not sure where the Lokkit rules
live/lived to check that they won't bother me. I do start my own personal
set of rules whenever I bring up the DSL.
> And I'm not fond of the script's check as to whether the firewall was
> set up (part of /etc/rc.d/init.d/ntpd):
> # Is there a firewall running, and does it look like one we configured?
> FWACTIVE=''
> if iptables -L -n 2>/dev/null | grep -q RH-Lokkit-0-50-INPUT ; then
>     FWACTIVE=1
> fi
I don't see the words RH-Lokkit-0-50-INPUT in the output of iptables -L.
> Something in there doesn't track right. "grep -q" will return 0 if
> a match is found, which seems opposite of what's intended.
> Oh, well, it's been a long day and I'm a bit fuzzy. I'm probably
> missing something simple. Must have the 4th major food group for
> nerds:
> 1. Twinkies
Don't have any.
> 2. Kung Pao Chicken (or anything hot and spicy)
Mmmmmm.
> 3. Microwave Popcorn
I pop it the hard way.
> 4. Caffeine <----- Yeah!
Not since this morning.
Oh, the clock is now 2 seconds ahead, and the rewritten drift file once
again says 0.00; it will be interesting to see how the clock is tomorrow.
Regards,
Bruce McDonald
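
The check discussed in this thread, watching port 123 for traffic in both directions, can be run over saved tcpdump text to flag peers whose replies never come back. This is an added example, not part of the original thread: `ntp_pairs` is a hypothetical helper, the sample lines are constructed from the capture quoted above (unwrapped to one packet per line), and 192.0.2.10 is an invented peer that never answers.

```shell
#!/bin/sh
# Constructed sample: three exchanges in the format of the capture above
# (lines unwrapped); the request to 192.0.2.10 is invented and unanswered.
SAMPLE='15:58:17.313929 my.assigned.ip.ntp > 204.34.198.40.ntp: v4 client strat 0 poll 4 prec -6 (DF)
15:58:17.372567 204.34.198.40.ntp > my.assigned.ip.ntp: v4 server strat 1 poll 4 prec -19 (DF)
15:58:30.413835 my.assigned.ip.ntp > 63.247.194.250.ntp: v4 client strat 0 poll 6 prec -16 (DF) [tos 0x10]
15:58:30.477898 63.247.194.250.ntp > my.assigned.ip.ntp: v4 server strat 2 poll 6 prec -17 (DF)
15:58:40.100000 my.assigned.ip.ntp > 192.0.2.10.ntp: v4 client strat 0 poll 6 prec -16 (DF)'

# ntp_pairs LOCAL: read tcpdump text on stdin and print, per peer,
#   <peer> requests=<n> replies=<n> stratum=<s> <OK|NO-REPLY>
# LOCAL is this host's address as tcpdump prints it, without the ".ntp" suffix.
ntp_pairs() {
    awk -v me="$1.ntp" '
    $3 == ">" {
        src = $2; dst = $4; sub(/:$/, "", dst)
        mode = ""; strat = "-"
        for (i = 5; i <= NF; i++) {
            if ($i == "client" || $i == "server") mode = $i
            if ($i == "strat") strat = $(i + 1)
        }
        # Outbound client packet: a request we expect an answer to.
        if (src == me && mode == "client") { req[dst]++; seen[dst] = 1 }
        # Inbound server packet: a reply that made it back through the firewall.
        if (dst == me && mode == "server") { rep[src]++; st[src] = strat; seen[src] = 1 }
    }
    END {
        for (p in seen) {
            name = p; sub(/\.ntp$/, "", name)
            ok = (req[p] + 0 > 0 && rep[p] + 0 >= req[p] + 0)
            printf "%s requests=%d replies=%d stratum=%s %s\n", name, req[p], rep[p], ((p in st) ? st[p] : "-"), (ok ? "OK" : "NO-REPLY")
        }
    }' | sort
}

printf '%s\n' "$SAMPLE" | ntp_pairs my.assigned.ip
```

A peer marked NO-REPLY while others are OK points at that server or the path to it; every peer marked NO-REPLY points at the local firewall rules.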