[SOLVED] adjust time: sntp works, but ntpd does not?
Just off the cuff (and x-ing my fingers hoping it's right), one is a daemon (ntpd) and the other is not. You might have to background the daemon with a '&' at the end of your command ...
ntpdate (if it still exists) will do the same as sntp
Dear mancha,
thank You very much for Your reply.
This is the strace output:
Code:
strace -o ntpd.trace /usr/sbin/ntpd -gqc /dev/null bg.pool.ntp.org
28 Jun 18:21:52 ntpd[29583]: ntpd 4.2.8p2@1.3265-o Fri Apr 10 18:50:36 UTC 2015 (1): Starting
28 Jun 18:21:52 ntpd[29583]: Command line: /usr/sbin/ntpd -gqc /dev/null bg.pool.ntp.org
28 Jun 18:21:52 ntpd[29583]: proto: precision = 0.043 usec (-24)
28 Jun 18:21:52 ntpd[29583]: line 0 column 0 syntax error, unexpected $end
28 Jun 18:21:52 ntpd[29583]: Listen and drop on 0 v6wildcard [::]:123
28 Jun 18:21:52 ntpd[29583]: Listen and drop on 1 v4wildcard 0.0.0.0:123
28 Jun 18:21:52 ntpd[29583]: Listen normally on 2 lo 127.0.0.1:123
28 Jun 18:21:52 ntpd[29583]: Listen normally on 3 ppp0 193.68.19.128:123
28 Jun 18:21:52 ntpd[29583]: Listen normally on 4 lo [::1]:123
28 Jun 18:21:52 ntpd[29583]: Listen normally on 5 eth0 [fe80::3a2c:4aff:feb5:5b1d%2]:123
28 Jun 18:21:52 ntpd[29583]: Listening on routing socket on fd #22 for interface updates
My hunch was correct, your firewall is blocking the reply.
The reason sntp is working for you is because it uses random high ports. On the other hand, ntpd uses a low port (port 123 locally)
and your firewall blocks incoming packets to low ports (1023 and lower).
Now, though UDP is technically stateless, Linux's netfilter connection tracking system is clever and has ways of determining if an
incoming UDP datagram is part of an existing connection you previously established.
So, a possible solution for your issue is to permit incoming packets on the ppp0 interface that are part of an existing connection
(i.e. replies) while still blocking new incoming connections to ports 1-1023. This can be achieved by inserting the rule in red:
Code:
-A INPUT -i ppp+ -p udp -m udp --dport 0:1023 -j LOG
-A INPUT -i ppp+ -p tcp -m tcp --dport 0:1023 -j LOG
-A INPUT -i ppp+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp+ -p udp -m udp --dport 0:1023 -j DROP
-A INPUT -i ppp+ -p tcp -m tcp --dport 0:1023 -j DROP
-A INPUT -i ppp+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG
-A INPUT -i ppp+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A INPUT -i ppp+ -p icmp -m icmp --icmp-type 8 -j DROP
Note: order is important so make sure you insert the rule where I placed it (i.e. as rule #3).
--mancha
PS If you want to only allow established/related packets in to UDP/123 (which is all you will need for ntpd to work as you want it),
you can use this more restrictive rule instead:
Thank You very much for Your helpfulness and collaboration. I just corrected the firewall-standalone file
in the ppp directory and now ntpd -gq works. Thank You very much!
You're welcome Martin - glad you've got it working.
An ancillary benefit is others who've been reading this thread might have learned a thing or two from our exchange.
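
The rule-ordering point from the answer above, as an added example that is not part of the original thread: a small first-match model of the low-port rules, showing why the conntrack ACCEPT must sit before the DROP rules. The packet dictionaries, the high port 40000, the helper names and the ACCEPT chain policy are assumptions made for illustration; the SYN and ICMP rules are left out.

```python
# Added example: first-match model of the low-port INPUT rules from the thread.
# Packets are constructed; "ctstate" is the state conntrack would assign.

CONNTRACK = {"ctstate": {"RELATED", "ESTABLISHED"}, "target": "ACCEPT"}

def low_port(proto, target):
    """A rule matching destination ports 0:1023 for one protocol."""
    return {"proto": proto, "dport": (0, 1023), "target": target}

# Rules on ppp+ before the fix: LOG, then DROP, for UDP and TCP low ports.
BASE = [low_port("udp", "LOG"), low_port("tcp", "LOG"),
        low_port("udp", "DROP"), low_port("tcp", "DROP")]

def with_conntrack(rules, index):
    """Return a copy of rules with the conntrack ACCEPT inserted at index."""
    return rules[:index] + [CONNTRACK] + rules[index:]

def matches(rule, pkt):
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "dport" in rule:
        lo, hi = rule["dport"]
        if not lo <= pkt["dport"] <= hi:
            return False
    if "ctstate" in rule and pkt["ctstate"] not in rule["ctstate"]:
        return False
    return True

def verdict(rules, pkt, policy="ACCEPT"):
    """Walk rules in order. LOG does not end traversal; ACCEPT and DROP do.
    The chain policy is an assumption; the thread does not show it."""
    for rule in rules:
        if matches(rule, pkt) and rule["target"] != "LOG":
            return rule["target"]
    return policy

# Constructed packets: replies to ntpd (local port 123) and sntp (high port),
# plus an unsolicited datagram to port 123.
NTPD_REPLY = {"proto": "udp", "dport": 123, "ctstate": "ESTABLISHED"}
SNTP_REPLY = {"proto": "udp", "dport": 40000, "ctstate": "ESTABLISHED"}
UNSOLICITED = {"proto": "udp", "dport": 123, "ctstate": "NEW"}

if __name__ == "__main__":
    for name, rules in [("before fix", BASE),
                        ("conntrack as rule #3", with_conntrack(BASE, 2)),
                        ("conntrack after DROPs", with_conntrack(BASE, 4))]:
        print(name, {k: verdict(rules, p) for k, p in
                     [("ntpd", NTPD_REPLY), ("sntp", SNTP_REPLY), ("new", UNSOLICITED)]})
```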