Date:      Sun, 2 Jul 2006 18:02:53 -0400 (EDT)
From:      Charles Bacon <crtb@cape.com>
To:        Nick Withers <nick@nickwithers.com>
Cc:        questions@freebsd.org, Chuck Bacon <crtb@cape.com>
Subject:   Re: Getting NTP (ntpd, ntpdate) to work
Message-ID:  <20060702175128.S46555@tomato.local>
In-Reply-To: <20060618193425.c07b9177.nick@nickwithers.com>
References:  <20060617211012.R54707@tomato.local> <20060618193425.c07b9177.nick@nickwithers.com>

Thanks for the return!  I've discovered my ISP has apparently shut off
port 123 (NTP), and if I do    ntpdate -u ntp.cape.com    I get my
time set!  But ntpq lacks ntpdate's option to use an unprivileged port.
I guess time is come to ask my ISP.  (Shouldn't I have done that before :-]

Again thanks!
 	Chuck Bacon -- crtb@cape.com
 		ABHOR SECRECY -- DEFEND PRIVACY
PS: Yes, I use netmask 255.255.255.240 (0xfffffff0); a vain hope that
there's a tiny increment of security in it, and a belief in the definitions
of net classes.

On Sun, 18 Jun 2006, Nick Withers wrote:
> On Sat, 17 Jun 2006 21:30:55 -0400 (EDT)
> Charles Bacon <crtb@cape.com> wrote:
>
>> Since FreeBSD 4.5-Release, I have been unable to get NTP working on
>> my two FreeBSD computers, one running 5.3Release and the other on
>> 6.1Release.  I have done nothing with the GENERIC kernel on either
>> machine.  I talk SSH between them, and have been running ntpd on
>> both, each naming the other as well as two external servers.
>>
>> My network is a typical home net, using 192.168.1/28,
>
> You mean /24 (i.e.: 255.255.255.0, Class C), yeah?
>
>> served by a DSL router which does NAT for my external traffic.
>> Internal comms. is through switches, plus one hub.  Each computer
>> (plus some others running Windows) has easy access out, and is
>> invisible from the Internet except for responses.
>>
>> Here's my ntp.conf, identical on my two computers:
>>
>>  	server ntp.cape.com
>>  	server ntp.ourconcord.net
>>  	driftfile /var/db/ntp.drift
>>  	logfile /var/log/ntplog
>>  	pidfile /var/run/ntpd.pid
>>  	logconfig =all
>>  	peer 192.168.1.3
>>  	peer 192.168.1.2		(much comments removed)
>>
>> With mediocre diagnostic skill, I have finally discovered tcpdump.
>> It told me after much experiment, that the relevant port (NTP, 123) was
>> unreachable.  This sounds significant, but I can't find a list of the
>> reachability of ports.
>
> Try netstat(1). "netstat -anp udp" might be of help in
> particular, here.
>
>> I've looked at ng*, mac_* and pf* and finally bpf*, and only the last seems
>> to exist in /dev.
>>
>> I had expected that GENERIC would impose only slight filtering somehow,
>> and certainly not shut off NTP!  I guess I need help.
>
> If you've loaded a firewall such as IPFW in /etc/rc.conf a
> kernel module will be loaded for it, if it's not compiled
> statically into the kernel already (which it isn't on GENERIC
> for either 5.3-RELEASE or 6.1-RELEASE). "kldstat" will list
> loaded modules (and the IPFW module is ipfw.ko).
>
>> Thanks for any help you can give, and I accept any opprobrium for trying
>> to be a sysadmin, even for my home boxen.
>>
>>  	Chuck Bacon -- crtb@cape.com
>>  		ABHOR SECRECY -- DEFEND PRIVACY
> -- 
> Nick Withers
> email: nick@nickwithers.com
> Web: http://www.nickwithers.com
> Mobile: +61 414 397 446
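
An added example, not part of the original thread or of the NTP distribution: a small SNTP probe that sends the same client query once from source port 123 and once from an ephemeral port, which is the difference `ntpdate -u` makes, so the two paths through a filtering router or ISP can be compared. The function names and the sample reply are constructed for illustration; binding to port 123 is assumed to need root and no running ntpd.

```python
import socket
import struct
import sys

NTP_TO_UNIX = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01

# Constructed sample reply (not captured traffic): LI=0, VN=3, Mode=4 (server),
# stratum 2, transmit timestamp = Unix time 1151877773.5
SAMPLE_REPLY = (bytes([0x1C, 2]) + bytes(38)
                + struct.pack("!II", 1151877773 + NTP_TO_UNIX, 0x80000000))

def build_query(version=3):
    """48-byte SNTP client request: LI=0, VN=version, Mode=3 (client)."""
    return bytes([(version << 3) | 3]) + bytes(47)

def parse_reply(data):
    """Return (mode, stratum, transmit time as Unix seconds) from an NTP packet."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    secs, frac = struct.unpack("!II", data[40:48])  # transmit timestamp field
    return data[0] & 0x07, data[1], secs - NTP_TO_UNIX + frac / 2**32

def probe(server, source_port, timeout=3.0):
    """Query server:123 from source_port (0 = ephemeral, as with ntpdate -u).
    Returns (status, parsed_reply_or_None)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.bind(("", source_port))
        except OSError:
            return "bind-failed", None      # not root, or ntpd already holds 123
        try:
            s.sendto(build_query(), (server, 123))
            data, _ = s.recvfrom(512)
            return "ok", parse_reply(data)
        except (OSError, ValueError):
            return "no-reply", None         # timeout, ICMP unreachable, bad packet

if __name__ == "__main__":
    # Usage: python3 ntpprobe.py <server>   (server name supplied by the operator)
    for port in (123, 0):
        label = port or "ephemeral"
        print(f"source port {label}: {probe(sys.argv[1], port)}")
```

A reply on the ephemeral port but "no-reply" from source port 123 matches the behaviour reported above, where only `ntpdate -u` succeeded.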


