LinuxQuestions.org
08-24-2005, 10:04 AM   #1
jdavidbakr
LQ Newbie
 
Registered: Aug 2005
Posts: 2

Rep: Reputation: 0
NTP Time Server on FC4


We have an FC4 server running squid and mail relay, basically a gateway, for our LAN, and I'm trying to set it up as an NTP server. It's behind a load balancer with a firewall so I have firewall off (i.e. firewall is not the issue here, unless there's more firewall than I realize) and I have SELinux off as well.

I can get ntpd started fine, and in /var/log/messages I see this:

Aug 23 15:01:40 elmer ntpdate[5047]: step time server x.x.x.x offset -0.022521 sec
Aug 23 15:01:40 elmer ntpd[5051]: ntpd 4.2.0a@1.1190-r Thu Apr 14 07:45:36 EDT 2005 (1)
Aug 23 15:01:40 elmer ntpd[5051]: precision = 1.000 usec
Aug 23 15:01:40 elmer ntpd[5051]: Listening on interface wildcard, 0.0.0.0#123
Aug 23 15:01:40 elmer ntpd[5051]: Listening on interface wildcard, ::#123
Aug 23 15:01:40 elmer ntpd[5051]: Listening on interface lo, 127.0.0.1#123
Aug 23 15:01:40 elmer ntpd[5051]: Listening on interface eth0, 10.1.3.3#123
Aug 23 15:01:40 elmer ntpd[5051]: Listening on interface eth1, 192.168.1.115#123
Aug 23 15:01:40 elmer ntpd[5051]: kernel time sync status 0040
Aug 23 15:01:40 elmer ntpd[5051]: frequency initialized 0.000 PPM from /var/lib/ntp/drift

so it appears that it is listening on port 123. But when I run a portscan from another computer it doesn't appear that port 123 is open:

G5_iMac[jonbaker]:~$ nc -v -w 2 -z 192.168.1.115 100-200
elmer.wgm [192.168.1.115] 139 (netbios-ssn) open
elmer.wgm [192.168.1.115] 111 (sunrpc) open

The iptables rules are in a script that runs on startup; the actual section that executes is this:

# Clearing any existing rules and setting default policy
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -F INPUT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -F OUTPUT
/sbin/iptables -P FORWARD DROP
/sbin/iptables -F FORWARD
/sbin/iptables -t nat -F

# Squid rule
/sbin/iptables -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 -j REDIRECT --to-port 3128

# FWD: Allow all connections OUT and only existing and related ones IN
/sbin/iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

# Enabling SNAT (MASQUERADE) functionality on $EXTIF
/sbin/iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

# Open port 123 for ntp services
/sbin/iptables -A INPUT -p udp --dport 123 -j ACCEPT
/sbin/iptables -A OUTPUT -p udp --sport 123 -j ACCEPT

But, when I try to sync time using ntpdate I get this message:

24 Aug 10:00:13 ntpdate[10834]: no server suitable for synchronization found

Any idea what might be breaking this? I can ssh into the server fine, and it has apache running and serving web pages fine as well. This seems to be the only thing that's not working.

Thanks -
 
08-25-2005, 03:55 AM   #2
cdhgee
Member
 
Registered: Oct 2003
Location: St Paul, MN
Distribution: Fedora 8, Fedora 9
Posts: 513

Rep: Reputation: 30
NTP is a UDP protocol, so a port scan won't necessarily detect it because UDP is a sessionless protocol (i.e. it doesn't maintain an open session between hosts, it just sends out datagrams and hopes that they get to the remote host).

The ntpdate issue - this is probably because you haven't configured an upstream NTP server to synchronise with. This is in /etc/ntp/ntpservers, or you can configure it using system-config-date (which is actually preferred, according to the comment in the ntpservers file).

Last edited by cdhgee; 08-25-2005 at 03:58 AM.
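
An added example, not part of the original posts: because a TCP-style connect scan says nothing about a UDP service, a more reliable check is to send a real NTP client request to UDP/123 and inspect the reply. The sketch below separates "no reply at all" from "the server answers but is unsynchronized" (leap indicator 3, stratum 0 on the wire), which clients reject as unsuitable for synchronization. The function names are illustrative assumptions.

```python
import socket
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)

def build_request():
    """48-byte client request: LI=0, VN=3, Mode=3 (client); the rest zero."""
    return bytes([(0 << 6) | (3 << 3) | 3]) + bytes(47)

def parse_response(data):
    """Decode the header fields that decide whether a client will accept the server."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    flags, stratum = data[0], data[1]
    tx_sec, tx_frac = struct.unpack("!II", data[40:48])
    return {
        "leap": flags >> 6,
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,
        "stratum": stratum,
        "unix_time": tx_sec - NTP_EPOCH_OFFSET + tx_frac / 2**32,
    }

def classify(reply):
    """Map a parsed reply (or None for a timeout) to a diagnosis."""
    if reply is None:
        return "no reply: daemon not answering or UDP/123 filtered on the path"
    if reply["mode"] != 4:
        return "unexpected mode %d (not a server reply)" % reply["mode"]
    if reply["leap"] == 3 or reply["stratum"] == 0 or reply["stratum"] >= 16:
        return "reachable but unsynchronized: server has no usable upstream yet"
    return "ok: synchronized, stratum %d" % reply["stratum"]

def probe(host, port=123, timeout=2.0):
    """Send one request and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_request(), (host, port))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout, or ICMP port unreachable surfaced as an error
            return classify(None)
    return classify(parse_response(data))

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"))
```

Run it from a LAN client with the server's address as the only argument; a "reachable but unsynchronized" result points at the server's upstream configuration rather than at the firewall.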
 
08-25-2005, 08:44 AM   #3
jdavidbakr
LQ Newbie
 
Registered: Aug 2005
Posts: 2

Original Poster
Rep: Reputation: 0
I think I found it: it looks like DHCP is deleting all my ntp configuration files. I changed both network ports to static (DHCP was assigning a static IP to the MAC address anyway) so we'll see if that fixes it.
 
  

