Date: Sun, 18 Jun 2006 19:34:25 +1000
From: Nick Withers
To: Charles Bacon
Cc: questions@freebsd.org
Subject: Re: Getting NTP (ntpd, ntpdate) to work
Message-Id: <20060618193425.c07b9177.nick@nickwithers.com>
In-Reply-To: <20060617211012.R54707@tomato.local>

On Sat, 17 Jun 2006 21:30:55 -0400 (EDT)
Charles Bacon wrote:

> Since FreeBSD 4.5-Release, I have been unable to get NTP working on
> my two FreeBSD computers, one running 5.3Release and the other on
> 6.1Release. I have done nothing with the GENERIC kernel on either
> machine. I talk SSH between them, and have been running ntpd on
> both, each naming the other as well as two external servers.
>
> My network is a typical home net, using 192.168.1/28,

You mean /24 (i.e.: 255.255.255.0, Class C), yeah?

> served by a DSL router which does NAT for my external traffic.
> Internal comms. is through switches, plus one hub. Each computer
> (plus some others running Windows) has easy access out, and is
> invisible from the Internet except for responses.
>
> Here's my ntp.conf, identical on my two computers:
>
> server ntp.cape.com
> server ntp.ourconcord.net
> driftfile /var/db/ntp.drift
> logfile /var/log/ntplog
> pidfile /var/run/ntpd.pid
> logconfig =all
> peer 192.168.1.3
> peer 192.168.1.2
> (much comments removed)
>
> With mediocre diagnostic skill, I have finally discovered tcpdump.
> It told me after much experiment, that the relevant port (NTP, 123) was
> unreachable. This sounds significant, but I can't find a list of the
> reachability of ports.

Try netstat(1). "netstat -anp udp" might be of help in particular,
here.

> I've looked at ng*, mac_* and pf* and finally bpf*, and only the last seems
> to exist in /dev.
>
> I had expected that GENERIC would impose only slight filtering somehow,
> and certainly not shut off NTP! I guess I need help.

If you've loaded a firewall such as IPFW in /etc/rc.conf a kernel
module will be loaded for it, if it's not compiled statically into
the kernel already (which it isn't on GENERIC for either 5.3-RELEASE
or 6.1-RELEASE). "kldstat" will list loaded modules (and the IPFW
module is ipfw.ko).

> Thanks for any help you can give, and I accept any opprobrium for trying
> to be a sysadmin, even for my home boxen.
>
> Chuck Bacon -- crtb@cape.com
> ABHOR SECRECY -- DEFEND PRIVACY

-- 
Nick Withers
email: nick@nickwithers.com
Web: http://www.nickwithers.com
Mobile: +61 414 397 446
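The two checks suggested in the reply above, combined into one script (an added example, not part of the original message). The function names and the sample netstat/kldstat output are constructed for illustration; on a real host, pipe the output of "netstat -anp udp" and "kldstat" into the functions instead.

```shell
#!/bin/sh
# Print local addresses bound to UDP port 123 (reads "netstat -anp udp" output).
ntp_listeners() {
    awk '$1 ~ /^udp/ && $4 ~ /\.123$/ { print $4 }'
}

# Succeed if ipfw.ko is listed (reads "kldstat" output). A firewall compiled
# statically into the kernel would not show up in this list.
ipfw_loaded() {
    awk '$NF == "ipfw.ko" { found = 1 } END { exit !found }'
}

# $1 = netstat output, $2 = kldstat output; prints a one-line verdict.
diagnose() {
    listeners=$(printf '%s\n' "$1" | ntp_listeners)
    if printf '%s\n' "$2" | ipfw_loaded; then fw=loaded; else fw=absent; fi
    if [ -z "$listeners" ]; then
        # No socket on 123: the host answers NTP with ICMP port unreachable.
        echo "no-listener ipfw=$fw"
    else
        echo "listening ipfw=$fw"
    fi
}

# Constructed sample output (hypothetical hosts), in FreeBSD's column layout.
NETSTAT_NTPD_UP='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp4       0      0  192.168.1.2.123        *.*
udp4       0      0  *.123                  *.*
udp4       0      0  *.514                  *.*'
NETSTAT_NTPD_DOWN='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp4       0      0  *.514                  *.*'
KLDSTAT_IPFW='Id Refs Address    Size     Name
 1    3 0xc0400000 7a05b0   kernel
 2    1 0xc0ba1000 13b84    ipfw.ko'
KLDSTAT_PLAIN='Id Refs Address    Size     Name
 1    1 0xc0400000 7a05b0   kernel'

diagnose "$NETSTAT_NTPD_DOWN" "$KLDSTAT_PLAIN"
diagnose "$NETSTAT_NTPD_UP" "$KLDSTAT_IPFW"
```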