Ntp Client

Bruce McDonald brucemcdonal at mindspring.com
Fri Feb 20 07:13:30 UTC 2004


Hello Rick

On 19-Feb-04, you wrote:

> Bruce McDonald wrote:
>> <Big Snip>
>> 
>> Rick's imparted knowledge:
>> 
>> 
>>> Ok, let's try something simple.  Try:
>> 
>> 
>>>    tcpdump port 123
>> 
>> 
>>>> in one window, then stop and restart xntpd.  Verify that you actually
>>>> see traffic.  If not, you might try turning off iptables and trying
>>>> again.  If it works the second time, look higher up in your iptables
>>>> to see if you have a block before your "--dport 123 -j ACCEPT" lines.
>> 
>> 
>>> Due to the way PPPoE works with DSL, I needed to type tcpdump -i PPP0
>>> port 123
>> 
>> 
>>> Thanks Rick, you once again caused me to think in the right direction to
>>> find where a problem lies.
>> 
>> 
>>> Now I can see traffic. And the clock is correct, so I guess I will let
>>> it run and see if it drifts by a significant amount in the next couple
>>> of days. Interestingly, the drift file says 0.00; I find that hard to
>>> believe. I think I'll have to delete it and restart ntpd to recalculate
>>> the drift.


>> Whoops, I forgot to give any of the tcpdump info.  Here is a snippet:

>> 15:58:17.313929 my.assigned.ip.ntp > 204.34.198.40.ntp: v4 client strat 0
>> poll 4 prec -6 (DF)
>> 15:58:17.372567 204.34.198.40.ntp > my.assigned.ip.ntp: v4 server strat 1
>> poll 4 prec -19 (DF)
>> 15:58:18.313660 my.assigned.ip.ntp > 204.34.198.40.ntp: v4 client strat 0
>> poll 4 prec -6 (DF)
>> 15:58:18.371575 204.34.198.40.ntp > my.assigned.ip.ntp: v4 server strat 1
>> poll 4 prec -19 (DF)
>> 15:58:30.413835 my.assigned.ip.ntp > 63.247.194.250.ntp: v4 client strat
>> 0 poll 6 prec -16 (DF) [tos 0x10]
>> 15:58:30.477898 63.247.194.250.ntp > my.assigned.ip.ntp: v4 server strat
>> 2 poll 6 prec -17 (DF)

>> Also, when I restarted ntpd it read:

>> Shutting down ntpd: [ OK ] ntpd: Synchronizing with time server: [FAILED]
>> Starting ntpd: [ OK ]

>> I hope the failed is not an evil omen.

> Uh, I don't think so.  The standard RH9 ntpd stop/start script buggers
> the firewall if it was configured by Lokkit before it shuts down the
> ntpd server.  So, since ntpd tries to sync the clock one last time
> before it goes bye-bye, the hole in the firewall gets closed before it
> can and voila!  Error message!

I think I banished the Lokkit rules, or at least supplanted them.  I forget
since I did that so long ago now.  Not sure where the Lokkit rules
live/lived to check that they won't bother me.  I do start my own personal
set of rules whenever I bring up the DSL.

> And I'm not fond of the script's check as to whether the firewall was
> set up (part of /etc/rc.d/init.d/ntpd):

> # Is there a firewall running, and does it look like one we configured?
> FWACTIVE=''
> if iptables -L -n 2>/dev/null | grep -q RH-Lokkit-0-50-INPUT ; then
>     FWACTIVE=1
> fi

I don't see the words RH-Lokkit-0-50-INPUT in the output of iptables -L.

> Something in there doesn't track right.  "grep -q" will return 0 if
> a match is found, which seems opposite of what's intended.

> Oh, well, it's been a long day and I'm a bit fuzzy.  I'm probably
> missing something simple.  Must have the 4th major food group for
> nerds:

>     1. Twinkies
Don't have any.
>     2. Kung Pao Chicken (or anything hot and spicy)
Mmmmmm.
>     3. Microwave Popcorn
I pop it the hard way.
>     4. Caffeine <----- Yeah!
Not since this morning.

Oh, the clock is now 2 seconds ahead, and the rewritten drift file once
again says 0.00; it will be interesting to see how the clock is tomorrow.


Regards,
Bruce McDonald
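
How the quoted init-script check evaluates against two rule sets, as an added example that is not part of the original messages or of the Red Hat script. It reads a listing on stdin instead of calling iptables, the two listings are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Chain name taken from the quoted /etc/rc.d/init.d/ntpd fragment.
LOKKIT_CHAIN='RH-Lokkit-0-50-INPUT'

# Constructed sample: a listing that contains the Lokkit chain.
lokkit_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain RH-Lokkit-0-50-INPUT (1 references)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          udp dpt:123
EOF
}

# Constructed sample: a hand-written rule set with no Lokkit chain.
custom_listing() {
cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          udp dpt:123
EOF
}

# Same test as the quoted fragment, with the listing supplied on stdin.
# The shell runs the "then" branch when the condition exits with status 0.
fw_active() {
    FWACTIVE=''
    if grep -q "$LOKKIT_CHAIN"; then
        FWACTIVE=1
    fi
    printf '%s' "$FWACTIVE"
}

# Print grep -q's raw exit status for a listing on stdin (safe under set -e).
grep_status() {
    status=0
    grep -q "$LOKKIT_CHAIN" || status=$?
    echo "$status"
}

echo "lokkit: FWACTIVE='$(lokkit_listing | fw_active)' grep exit=$(lokkit_listing | grep_status)"
echo "custom: FWACTIVE='$(custom_listing | fw_active)' grep exit=$(custom_listing | grep_status)"
```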




