LinuxQuestions.org
04-22-2008, 08:01 PM   #1
mikesjays
Member
 
Registered: Dec 2005
Distribution: FC8, FC9, FC10
Posts: 30

Rep: Reputation: 15
ntpd config question?


I have a question about the ntpd config file. This stems from my firewall stopping traffic from one of my Fedora8 boxes to three time servers.

Let me first say I know how to allow access through the firewall to the time servers; that is not really the question here.

I have what should be a default ntpd.conf file, see below:

Code:
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.fedora.pool.ntp.org
server 1.fedora.pool.ntp.org
server 2.fedora.pool.ntp.org

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. 
#server 127.127.1.0     # local clock
#fudge  127.127.1.0 stratum 10  

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography. 
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
restrict 0.fedora.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 1.fedora.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 2.fedora.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
server 192.168.1.1
restrict None mask 255.255.255.255 nomodify notrap noquery

From what I understand, my Fedora8 box should be syncing from:
Code:
server 0.fedora.pool.ntp.org
server 1.fedora.pool.ntp.org
server 2.fedora.pool.ntp.org
server 192.168.1.1

Now here is the output from the ntpdc peers command:
Code:
     remote           local      st poll reach  delay   offset    disp
=======================================================================
=192.43.244.18   192.168.1.2      1 1024   40 0.05641 -0.001798 2.82416
=209.104.4.231   192.168.1.2      2 1024    0 0.10216 -0.008484 3.99217
=155.101.3.113   192.168.1.2      2 1024    0 0.08513  0.012093 3.99217
*192.168.1.1     192.168.1.2      3 1024  377 0.00085  0.000404 0.12178

With address resolved:
Code:
     remote           local      st poll reach  delay   offset    disp
=======================================================================
=time.nist.gov   192.168.1.2      1 1024  201 0.05844 -0.002323 1.99107
=guinness.mcguyv 192.168.1.2      2 1024    0 0.10216 -0.008484 3.99217
=doctor-who.chpc 192.168.1.2      2 1024    0 0.08513  0.012093 3.99217
*192.168.1.1     192.168.1.2      3 1024  377 0.00084  0.000366 0.12175

The 3 top addresses above are the addresses that my firewall is stopping. Has my box been hacked? Or is this the way that ntpd works? If this is the way it works, would it be OK to allow traffic to these hosts?

Thank you
 
04-23-2008, 02:25 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1981
erm.. what? what is wrong?? clearly your firewall isn't stopping their access at all... note that ntp pools are... pools. They are random DNS entries which point to any one of thousands of potential ntp servers, and they'll *never* resolve back to the dns name in the file.
 
04-23-2008, 05:21 PM   #3
mikesjays
Member
 
Registered: Dec 2005
Distribution: FC8, FC9, FC10
Posts: 30

Original Poster
Rep: Reputation: 15
That is all. I just wanted to make sure there was nothing wrong.

Thank you
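
Reading the reach column of the `ntpdc peers` tables in this thread, as an added example that is not part of any post: reach is printed in octal and is an 8-bit shift register of the last eight polls, so 377 means every poll was answered and 0 means none were. The sample rows are copied from the second table in the first post; the function names are hypothetical.

```python
import re

# Sample input: the address-resolved `ntpdc peers` table quoted in post #1.
SAMPLE = """\
     remote           local      st poll reach  delay   offset    disp
=======================================================================
=time.nist.gov   192.168.1.2      1 1024  201 0.05844 -0.002323 1.99107
=guinness.mcguyv 192.168.1.2      2 1024    0 0.10216 -0.008484 3.99217
=doctor-who.chpc 192.168.1.2      2 1024    0 0.08513  0.012093 3.99217
*192.168.1.1     192.168.1.2      3 1024  377 0.00084  0.000366 0.12175
"""

# One data row: mode/selection flag, remote, local, stratum, poll, reach (octal).
ROW = re.compile(
    r"^(?P<flag>[=*+^~-])(?P<remote>\S+)\s+(?P<local>\S+)\s+"
    r"(?P<st>\d+)\s+(?P<poll>\d+)\s+(?P<reach>[0-7]+)\s+"
)

def decode_reach(octal_text):
    """Return the last eight polls, oldest first; True means a reply arrived."""
    reg = int(octal_text, 8) & 0xFF
    return [bool((reg >> bit) & 1) for bit in range(7, -1, -1)]

def summarize(text):
    """Map each remote to its reply history and whether ntpd selected it (*)."""
    peers = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header and separator lines do not match ROW
        history = decode_reach(m["reach"])
        answered = sum(history)
        if answered == 0:
            status = "no replies in last 8 polls"
        elif answered == 8:
            status = "all 8 polls answered"
        else:
            status = "intermittent replies"
        peers[m["remote"]] = {
            "selected": m["flag"] == "*",
            "answered": answered,
            "history": "".join("#" if h else "." for h in history),
            "status": status,
        }
    return peers

if __name__ == "__main__":
    for remote, info in summarize(SAMPLE).items():
        print(f"{remote:16} {info['history']}  {info['status']}")
```

A peer that stays at reach 0 is one whose UDP port 123 replies never arrive, which is what a dropped flow looks like from ntpd's side; an unreachable or unresponsive server produces the same value.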
 
  


All times are GMT -5.
