
Re: ntpd losing synchronization

On Thu, 22 May 2003, Donald Spoon wrote:

> Kudos on getting ntpd working on your firewall and synching with an 
> external source!  I have not been able to do this here :(  I can run 
> ntpd on another machine on my LAN and get it to synch externally just 
> fine, but NOT on the firewall machine.  I "think" it has something to do 
> with it having 2 NICs and ntpd gets confused...dunno for sure.  Do you 
> have any "hints" or "tricks" you employed to get your setup working??

I have it working on a potato machine (which uses ipchains, not
iptables) with ntp version 1:4.0.99g-2potato2. Here are the relevant
parts of my firewall script:

    # NTP client (123) (tcp and udp)
    # ----------------
    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
             -s $IPADDR 123 -d $NTP_SERVER1 123 -j ACCEPT
    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
             -s $IPADDR $UNPRIVPORTS -d $NTP_SERVER1 123 -j ACCEPT
    ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
             -s $IPADDR 123 -d $NTP_SERVER1 123 -j ACCEPT
    ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
             -s $IPADDR $UNPRIVPORTS -d $NTP_SERVER1 123 -j ACCEPT
    ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \
             -s $NTP_SERVER1 123 -d $IPADDR 123 -j ACCEPT
    ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \
             -s $NTP_SERVER1 123 -d $IPADDR $UNPRIVPORTS -j ACCEPT
    ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
             -s $NTP_SERVER1 123 -d $IPADDR 123 -j ACCEPT
    ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
             -s $NTP_SERVER1 123 -d $IPADDR $UNPRIVPORTS -j ACCEPT

And the same as above for NTP_SERVER2 and NTP_SERVER3. Of course all ntp
servers are external to my local network. Earlier in the script I have
definitions:

EXTERNAL_INTERFACE="eth0"               # Internet connected interface
LOOPBACK_INTERFACE="lo"                 # or your local naming convention
LOCAL_INTERFACE_1="eth1"                # internal LAN interface
IPADDR="<address of my eth0 interface>"
UNPRIVPORTS="1024:65535"                # unprivileged port range

The default policy is set to DENY and then the unlimited traffic within
local network is enabled:

    # All internal machines have access to the firewall machine.

    ipchains -A input  -i $LOCAL_INTERFACE_1 -s $LOCALNET_1 -j ACCEPT
    ipchains -A output -i $LOCAL_INTERFACE_1 -d $LOCALNET_1 -j ACCEPT

Using this configuration my firewall machine is synchronised with external
time servers and local machines (running ntpd or ntpdate) are
synchronised with the computer running firewall.

HTH,

  Tad
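The rule block above is repeated by hand for each of NTP_SERVER1, NTP_SERVER2 and NTP_SERVER3. The script below is an added example, not Tad's script from the mail, that generates the same eight rules per server from a list, so adding or removing a time server is a one-word change and no server is accidentally left with a partial rule set. It keeps the mail's variable names (EXTERNAL_INTERFACE, IPADDR, UNPRIVPORTS) and its tcp+udp rule set; NTP_SERVERS, the IPCHAINS wrapper and the helper function names are assumptions of this example, and the addresses are constructed placeholders. By default it only prints the rules (a dry run), which is also how the test below checks it; set IPCHAINS=ipchains to actually install them.

```shell
#!/bin/sh
# Added example, not the script from the mail. Generates Tad's per-server
# ipchains NTP rules for every address in NTP_SERVERS (assumed variable).

EXTERNAL_INTERFACE="eth0"                 # Internet connected interface
IPADDR="192.0.2.10"                       # constructed placeholder for the eth0 address
UNPRIVPORTS="1024:65535"                  # unprivileged port range
NTP_SERVERS="198.51.100.1 198.51.100.2 198.51.100.3"   # constructed placeholders

# Dry run by default: print each rule instead of installing it.
# Run with IPCHAINS=ipchains to apply the rules for real.
IPCHAINS="${IPCHAINS:-echo ipchains}"

# Emit the eight rules the mail shows for one NTP server.
# NTP itself only uses UDP; the tcp rules are kept to match the mail's set.
ntp_rules_for_server() {
    server="$1"
    for proto in tcp udp; do
        # firewall -> server: from port 123 (ntpd) and from unprivileged ports
        # (ntpdate/ntpq style queries); destination is always the server's 123
        $IPCHAINS -A output -i "$EXTERNAL_INTERFACE" -p "$proto" \
            -s "$IPADDR" 123 -d "$server" 123 -j ACCEPT
        $IPCHAINS -A output -i "$EXTERNAL_INTERFACE" -p "$proto" \
            -s "$IPADDR" "$UNPRIVPORTS" -d "$server" 123 -j ACCEPT
        # server -> firewall replies: only from that server's port 123,
        # back to either our port 123 or the unprivileged range
        $IPCHAINS -A input -i "$EXTERNAL_INTERFACE" -p "$proto" \
            -s "$server" 123 -d "$IPADDR" 123 -j ACCEPT
        $IPCHAINS -A input -i "$EXTERNAL_INTERFACE" -p "$proto" \
            -s "$server" 123 -d "$IPADDR" "$UNPRIVPORTS" -j ACCEPT
    done
}

# Emit the rules for every configured server.
ntp_rules() {
    for s in $NTP_SERVERS; do
        ntp_rules_for_server "$s"
    done
}

# Number of rules that would be installed: 8 per server (dry-run mode only).
ntp_rule_count() {
    ntp_rules | wc -l | tr -d ' '
}

# Usage: source this file, then `ntp_rules` to preview or, with
# IPCHAINS=ipchains exported, to install. E.g.:  ntp_rules
```

Because every rule names a specific server address on both the output and input chain, only replies from the configured time servers' port 123 are accepted; nothing else on UDP/123 reaches the firewall host from the outside.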
