Re: NTP synchronized: no

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

From your email on Sep 8th:

chronyc sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? host3.nuagelibre.org          0   8     0   10y     +0ns[   +0ns] +/-    0ns
^? tomia.ordimatic.net           0   8     0   10y     +0ns[   +0ns] +/-    0ns
^? ntp.tuxfamily.net             0   8     0   10y     +0ns[   +0ns] +/-    0ns
^? ns346276.ip-94-23-32.eu       0   8     0   10y     +0ns[   +0ns] +/-    0ns


Which indicates Chrony is working, but is not getting a response from the time pool. You mentioned that the firewall team told you that port 123 is open, but this is not enough (intact may be unnecessary). Chrony uses a unprivileged port ( > 1024) to connect to port 123 on the ntp pool server. What needs to happen is the firewall needs to track this connection and allow a udp packet back form the source port 123 to your server, to the unprivileged port chrony used to send the request out.

This requires a stateful firewall or one that tracks the connection. In the case of Cisco routers they can use ip inspect command, but it depends on the firewall they are using as to how they would accomplish this.


On Sep 13, 2015, at 4:57 AM, Patrick Dupre <pdupre@xxxxxxx> wrote:

Hello,

Following the previous email exchange, what is the next step?
Is the issue clearly identified?
Do I need to run more tests?

Thank.

===========================================================================
Patrick DUPRÉ                                 | | email: pdupre@xxxxxxx
Laboratoire de Physico-Chimie de l'Atmosphère | |
Université du Littoral-Côte d'Opale           | |
Tel.  (33)-(0)3 28 23 76 12                   | | Fax: 03 28 65 82 44
189A, avenue Maurice Schumann                 | | 59140 Dunkerque, France
===========================================================================
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux