[OpenIndiana-discuss] NTP trouble and 123 port

Gary Gendel gary at genashor.com
Mon Apr 28 12:15:50 UTC 2014 

On sort of the same topic.  I've set up ntpd as a client, similar to 
what you described but I can't seem to get it to work.  ntpq -p always 
shows all the peers in INIT state with a stratum of 16.  (That's not 
exactly true, every once in a while I get an ipv6 peer through my 4to6 
tunnel to initialize but that's a rare occurrence).

To make matters more confusing, ntpdate works as expected with any of 
the peers on my server list.  Because of this, I've disabled nptd and 
use ntpdate using cron but I was wondering if anyone had a clue to why 
ntpd would fail while ntpdate succeeds or how to debug this.

Gary

On 04/25/2014 09:23 AM, Gary Mills wrote:
> On Fri, Apr 25, 2014 at 11:15:31AM +0200, Jozsef Brogyanyi wrote:
>> I have trouble with 123 port. I wanted to set a NTP client not a server.
>> I received an e-mail my ISP with a complain. Someone use my server 123 port.
> I'll bounce you the message I sent to this mailing list in February.
> It explains how to avoid the NTP amplification exploit that your ISP
> complained about.
>
>> My NTP settings is the next:
>>
>> cp /etc/inet/ntp.client /etc/inet/ntp.conf
>> nano /etc/inet/ntp.conf
>>
>> Insert these lines. May be the these are not good.
>>
>> server 0.hu.pool.ntp.org iburst
>> server 1.hu.pool.ntp.org iburst
>> server 2.hu.pool.ntp.org iburst
>> server 3.hu.pool.ntp.org iburst
> I don't know what `iburst' means, but `man ntpd' describes it
> partially.  I don't use it.
>
>> svcadm enable ntp
>> svcs ntp
>> svcs -x ntp
>> ntpq -p
>> How can I solve this problem if I need the NTP client?
> Here are the non-comment lines from my ntp.conf:
>
>   $ egrep -v '^#|^$' /etc/inet/ntp.conf
>   restrict default kod nomodify notrap nopeer noquery
>   restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap nopeer
>   restrict 127.0.0.1
>   restrict -6 ::1
>   server 0.pool.ntp.org
>   server 1.pool.ntp.org
>   server 2.pool.ntp.org
>   server 3.pool.ntp.org
>   driftfile /var/ntp/ntp.drift
>   statsdir /var/ntp/ntpstats/
>   filegen peerstats file peerstats type day enable
>   filegen loopstats file loopstats type day enable
>
> You likely won't need the `192.168.0.0' line.  That's for my private
> network.
>
> It works:
>
>   $ ntpq -p
>        remote           refid      st t when poll reach   delay   offset  jitter
>   ==============================================================================
>   +time.netspectru 208.90.144.52    3 u  489  512  377   34.130    0.809   0.739
>   *penguin.hopcoun 209.51.161.238   2 u  140  512  377   31.145    0.683   1.324
>   -mongrel.ahem.ca 208.81.2.13      2 u  144  512  377   24.124   -9.238   4.130
>   +mirror.mountain 200.98.196.212   2 u  508  512  377   31.867    1.559   2.638
>

More information about the OpenIndiana-discuss mailing list