LinuxQuestions.org
Old 01-07-2013, 12:41 AM   #1
rng
Member
 
Registered: Aug 2011
Posts: 747

Rep: Reputation: 23
ntpdate problem


I am using Debian-Testing and using ntpdate-debian for updating the time (ntpdate is taking a long time). I have the following in the /etc/rc.local file to open the firewall, otherwise ntpdate-debian does not work:
Code:
{ iptables-restore openall.rules; ntpdate-debian; iptables-restore blockall.rules } &
The first iptables-restore and ntpdate-debian commands work all right but the third command (iptables-restore blockall.rules) does not work. I check the status with 'sudo iptables-save' command after booting. How can I sort this problem? Thanks for your help.
 
Old 01-07-2013, 03:36 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966
"does not work" is really not much use. If you run the ntpdate command with the firewall in the appropriate state, what actually happens?

Why are you doing any of this in the first place? Why are you not permitting ntp to known destinations all the time, and using ntpd?
 
Old 01-07-2013, 08:55 AM   #3
rng
Member
 
Registered: Aug 2011
Posts: 747

Original Poster
Rep: Reputation: 23
I do not want to have a daemon running all the time. I want to synchronise time just once (at startup).

So I was initially using the command "{ntpd -qg; sudo hwclock -w}&;" in /etc/rc.local, but I noticed that it takes a long time to work when I entered this command from the command line.

Then I noticed this "ntpdate" package in debian-testing repo. The command "sudo ntpdate" gives the error: "no servers can be used, exiting".

The command "sudo ntpdate-debian" works all right but needs some port to be unblocked. So I have to enter a command to open the iptables temporarily. Otherwise it reports "sendto(ns02.hns.net.in): Operation not permitted" for all URLs.

Last edited by rng; 01-07-2013 at 08:59 AM.
 
Old 01-07-2013, 09:21 AM   #4
legolasthehansy
LQ Newbie
 
Registered: Dec 2006
Posts: 16

Rep: Reputation: 1
You should specify an NTP server while running the command 'sudo ntpdate' like

sudo ntpdate -u <some time server>

The UDP port 123 should be open on the firewall.
 
Old 01-07-2013, 10:22 AM   #5
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966
ntpd uses absolutely minimal amounts of resources, and when running healthily won't even check once a day. There's no good reason for not running it. But either way, ntpdate and ntpd both use /etc/ntp.conf so you'll need to configure it.

You shouldn't be using sudo in an rc.local file either as it's already root.
 
Old 01-07-2013, 11:01 AM   #6
rng
Member
 
Registered: Aug 2011
Posts: 747

Original Poster
Rep: Reputation: 23
Does /etc/rc.local get executed before the iptables package starts the firewall? Is the iptables firewall state restored after reboot automatically and does it occur before /etc/rc.local execution? Do I really need to run a command to open the iptables firewall at this stage?

Last edited by rng; 01-07-2013 at 11:08 AM.
 
Old 01-07-2013, 11:09 AM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966
rc.local would be the VERY last thing executed automatically by the init process. You should update the rulebase to permanently allow outbound connections to 123/UDP and forget about messing with iptables just to set the clock.
 
Old 01-08-2013, 07:41 AM   #8
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: Slackware®
Posts: 11,267
Blog Entries: 3

Rep: Reputation: 1445
Member Response

Hi,
Quote:
Originally Posted by rng
I do not want to have a daemon running all the time. I want to synchronise time just once (at startup).

So I was initially using the command "{ntpd -qg; sudo hwclock -w}&;" in /etc/rc.local, but I noticed that it takes a long time to work when I entered this command from the command line.

Then I noticed this "ntpdate" package in debian-testing repo. The command "sudo ntpdate" gives the error: "no servers can be used, exiting".

The command "sudo ntpdate-debian" works all right but needs some port to be unblocked. So I have to enter a command to open the iptables temporarily. Otherwise it reports "sendto(ns02.hns.net.in): Operation not permitted" for all URLs.
Why not set up a script for cron:
Code:
~# cat /etc/cron.hourly/time
#!/bin/sh
#11-06-06 gws use ntpdate
/usr/sbin/ntpdate -v 0.us.pool.ntp.org ntp-1.mcs.anl.gov ntp-2.mcs.anl.gov && hwclock --systohc
I set mine to '/etc/cron.hourly' so I get my clock set. You could set a time for cron to run once a day or use 'cron.daily' or however your GNU/Linux is configured for 'cron'. You can just create a 'cron' job to task at whatever setting(s) you wish. Please be sure to use a 'pool'. Of course you should set up the firewall if you have blocked it. But why block in the first place? I agree with 'acid_kewpie'. Set up your connection.

HTH!
 
Old 01-08-2013, 08:59 AM   #9
rng
Member
 
Registered: Aug 2011
Posts: 747

Original Poster
Rep: Reputation: 23
Thanks to all you experts for helping me on this.
 
Old 01-08-2013, 03:54 PM   #10
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: Slackware®
Posts: 11,267
Blog Entries: 3

Rep: Reputation: 1445
Member Response

Hi,

Your Welcome!

Please provide feedback for the thread on what you decide to do so other members can be helped by the solution(s).
 
Old 01-08-2013, 04:13 PM   #11
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966
Quote:
Originally Posted by onebuck
Your Welcome!
You're ;-)
 
Old 01-08-2013, 10:12 PM   #12
rng
Member
 
Registered: Aug 2011
Posts: 747

Original Poster
Rep: Reputation: 23
I realized that the command "{ntpd -qg; hwclock -w}&;" in /etc/rc.local keeps the time correct on my computer, though this command does not work later on because of the firewall! I think that the firewall is not active when rc.local gets executed.
 
Old 01-09-2013, 02:12 AM   #13
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966
UDP/123 should not be blocked.
 
Old 01-09-2013, 02:30 AM   #14
rng
Member
 
Registered: Aug 2011
Posts: 747

Original Poster
Rep: Reputation: 23
Quote:
UDP/123 should not be blocked.
I need to update the time only once, at startup. Any particular reason I should keep UDP/123 open all the time?

According to this site (http://www.speedguide.net/port.php?port=123), it may also pose a security threat.
 
Old 01-09-2013, 02:39 AM   #15
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966
Because that's good time management. Good sysadmin practice has all machines running ntpd. It is not a risk when ntpd is well configured.

ntpd does not periodically set the time, it tracks the reliability of the local system clock and uses multiple remote servers (whereas ntpdate will only use one single server once) to understand how quickly the time is drifting off and adjust the clock speed to keep it constantly correct.

Last edited by acid_kewpie; 01-09-2013 at 02:40 AM.
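
The rule change recommended in this thread (permanently allowing outbound 123/UDP instead of swapping open-all and block-all rulesets at boot), as an added example that is not part of any post. The function name `ntp_client_rules`, the default-DROP layout and the 192.0.2.x server addresses are assumptions made for illustration; the output is in iptables-restore format.

```shell
#!/bin/sh
# Added example (not from the thread): build an iptables-restore ruleset that
# keeps a default-DROP firewall but lets this host act as an NTP *client*.
# Assumptions: filter table only, loopback allowed, servers given as IPv4
# literals (names would also need a DNS rule, which is left out here).

ntp_client_rules() {
    # Validate first so nothing is emitted for bad input and no argument can
    # smuggle extra rule text into the ruleset.
    for ip in "$@"; do
        case "$ip" in
            ''|*[!0-9.]*) echo "not an IPv4 literal: $ip" >&2; return 1 ;;
        esac
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Only replies to traffic this host started are let in; there is no rule
    # accepting new inbound packets on 123/udp, so no NTP service is exposed.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT'
    if [ "$#" -eq 0 ]; then
        # No server list: any destination, but only 123/udp.
        echo '-A OUTPUT -p udp --dport 123 -j ACCEPT'
    else
        for ip in "$@"; do
            echo "-A OUTPUT -p udp -d $ip --dport 123 -j ACCEPT"
        done
    fi
    echo 'COMMIT'
}

# Constructed sample servers from the 192.0.2.0/24 documentation range.
ntp_client_rules 192.0.2.10 192.0.2.11
```

Piping the output to `iptables-restore --test` as root parses the ruleset without applying it.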
 
  

