Ntp Client

[Bruce McDonald]

Hello Bruce

On 19-Feb-04, you wrote:

> Hello Rick

> On 19-Feb-04, you wrote:

>> Bruce McDonald wrote:
>>> <Big Snip>
>>> 
>>> Rick's imparted knowledge:
>>> 
>>> 
>>>> Ok, let's try something simple.  Try:
>>> 
>>> 
>>>>    tcpdump port 123
>>> 
>>> 
>>>>> in one window, then stop and restart xntpd.  Verify that you actually
>>>>> see traffic.  If not, you might try turning off iptables and trying
>>>>> again.  If it works the second time, look higher up in your iptables
>>>>> to see if you have a block before your "--dport 123 -j ACCEPT" lines.
>>> 
>>> 
>>>> Due to the way PPPoE works with DSL, I needed to type tcpdump -i PPP0
>>>> port 123
>>> 
>>> 
>>>> Thanks Rick, you once again caused me to think in the right direction
>>>> to find where a problem lies.
>>> 
>>> 
>>>> Now I can see traffic. And the clock is correct, so I guess I will let
>>>> it run and see if it drifts by a significant amount in the next couple
>>>> of days. Interestingly, the drift file says 0.00; I find that hard to
>>>> believe. I think I'll have to delete it and restart ntpd to recalculate
>>>> the drift.


>>> Whoops, I forgot to give any of the tcpdump info.  Here is a snippet:

>>> 15:58:17.313929 my.assigned.ip.ntp > 204.34.198.40.ntp: v4 client strat
>>> 0 poll 4 prec -6 (DF)
>>> 15:58:17.372567 204.34.198.40.ntp > my.assigned.ip.ntp: v4 server strat
>>> 1 poll 4 prec -19 (DF)
>>> 15:58:18.313660 my.assigned.ip.ntp > 204.34.198.40.ntp: v4 client strat
>>> 0 poll 4 prec -6 (DF)
>>> 15:58:18.371575 204.34.198.40.ntp > my.assigned.ip.ntp: v4 server strat
>>> 1 poll 4 prec -19 (DF)
>>> 15:58:30.413835 my.assigned.ip.ntp > 63.247.194.250.ntp: v4 client strat
>>> 0 poll 6 prec -16 (DF) [tos 0x10] 15:58:30.477898 63.247.194.250.ntp >
>>> my.assigned.ip.ntp: v4 server strat 2 poll 6 prec -17 (DF)

>>> Also, when I restarted ntpd it read:

>>> Shutting down ntpd: [ OK ] ntpd: Synchronizing with time server:
>>> [FAILED] Starting ntpd: [ OK ]

>>> I hope the failed is not an evil omen.

>> Uh, I don't think so.  The standard RH9 ntpd stop/start script buggers
>> the firewall if it was configured by Lokkit before it shuts down the
>> ntpd server.  So, since ntpd tries to sync the clock one last time
>> before it goes bye-bye, the hole in the firewall gets closed before it
>> can and voila!  Error message!

> I think I banished the Lokkit rules, or at least supplanted them. I forget
> since I did that so long ago now. Not sure where the Lokkit rules
> live/lived to check that they won't bother me. I do start my own personal
> set of rule whenever I bring up the DSL.

>> And I'm not fond of the script's check as to whether the firewall was
>> set up (part of /etc/rc.d/init.d/ntpd):

>> # Is there a firewall running, and does it look like one we configured?
>> FWACTIVE=''
>> if iptables -L -n 2>/dev/null | grep -q RH-Lokkit-0-50-INPUT ; then
>>     FWACTIVE=1
>> fi

> I don't see the words RH-Lokkit-0-50-INPUT in the output of iptables -L.

>> Something in there doesn't track right.  "grep -q" will return 0 if
>> a match is found, which seems opposite of what's intended.

>> Oh, well, it's been a long day and I'm a bit fuzzy.  I'm probably
>> missing something simple.  Must have the 4th major food group for
>> nerds:

>>     1. Twinkies
> Don't have any.
>>     2. Kung Pao Chicken (or anything hot and spicy)
> Mmmmmm.
>>     3. Microwave Popcorn
> I pop it the hard way.
>>     4. Caffeine <----- Yeah!
> Not since this morning.

> Oh,  the clock is now 2 seconds ahead, and the rewritten drift file once
> again says 0.00; it will be interesting to see how the clock is tomorrow.


It doesn't look good...  I just checked the clock and it is now 10 seconds
fast.

Rick, you didn't mention anything about the info in the tcpdump snippet
earlier in the message; I assume that means it is fine.  To me it looks
like packets are sent and received, but I won't guarantee that I am reading
it right.  

I still am in a quandry as to why no servers listed have a + or a * in front
of them when I issue the ntpq -p command.  As I understand it, only servers
with a + are being used, and the one with an * is the primary.  Is that
correct?

I deleted the drift file before restarting ntpd, since the info I found on
it states that it will go into a special mode to find the drift before
settling down to normal operation if the drift file does not exist.  Of
course, all this seems to have gotten me is a new drift file that say no
drift when I obviously can see the clock drifting.

The only time I saw the drift file read something other than 0.00 was the
one time I used Set Time & Date under Gnome, unfortunatly I didn't write it
down; but it did have the number 8 in one of the places.  So I know that
deep down, somewhere... it actually works.


Regards,
Bruce McDonald

"Get the Gremlin gun, its time to go hunting."