I have a question about the ntpd config file. This stems form my firewall stopping traffic from one of my Fedora8 boxes to three time servers.
Let me first say I know how to allow access trough the fire wall to the time servers, that is not really the question here.
I have what should be a default ntpd.conf file, see below:
Code:
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.fedora.pool.ntp.org
server 1.fedora.pool.ntp.org
server 2.fedora.pool.ntp.org
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
#server 127.127.1.0 # local clock
#fudge 127.127.1.0 stratum 10
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
restrict 0.fedora.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 1.fedora.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 2.fedora.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
server 192.168.1.1
restrict None mask 255.255.255.255 nomodify notrap noquery
From what I understand my Fedora8 box should be syncing from:
Code:
server 0.fedora.pool.ntp.org
server 1.fedora.pool.ntp.org
server 2.fedora.pool.ntp.org
server 192.168.1.1
Now here is the output from ntpdc peers comand:
Code:
remote local st poll reach delay offset disp
=======================================================================
=192.43.244.18 192.168.1.2 1 1024 40 0.05641 -0.001798 2.82416
=209.104.4.231 192.168.1.2 2 1024 0 0.10216 -0.008484 3.99217
=155.101.3.113 192.168.1.2 2 1024 0 0.08513 0.012093 3.99217
*192.168.1.1 192.168.1.2 3 1024 377 0.00085 0.000404 0.12178
with address resolved
Code:
remote local st poll reach delay offset disp
=======================================================================
=time.nist.gov 192.168.1.2 1 1024 201 0.05844 -0.002323 1.99107
=guinness.mcguyv 192.168.1.2 2 1024 0 0.10216 -0.008484 3.99217
=doctor-who.chpc 192.168.1.2 2 1024 0 0.08513 0.012093 3.99217
*192.168.1.1 192.168.1.2 3 1024 377 0.00084 0.000366 0.12175
The 3 top address above are the address that my fire wall is stopping. Has my box been hacked? Or is this the way that ntpd works? If this the way it works would it be ok to allow traffic to these hosts?
Thank you