Re: ntpd stuck on stratum 16 = not synced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



In article <478E40FF.4070708@xxxxxxxxx>,
Sean Carolan <scarolan@xxxxxxxxx> wrote:
> > The zeros in the "reach" column indicate that the server has been unable to
> > receive any packets from the upstream servers.
> > 
> > Is your server inside a firewall? If so, perhaps it is blocking NTP traffic.
> > You need to have it allow UDP port 123 in both directions. You don't need
> > port forwarding from outside to in, since all incoming packets will be replies
> > to outgoing packets.
> > 
> > If it is not inside a firewall, perhaps you have iptables on the server itself
> > blocking UDP port 123 traffic.
> 
> Fantastic, Tony.  This is the information I needed.  Our ISP does in fact 
> block UDP packets and I suspect this is why the sync is failing.
> 
> One question though - how come I can use ntpdate servername to update them by 
> hand?  Shouldn't that be blocked as well?

That depends. The ntpdate on my system uses a non-privileged UDP port as the
source port, and 123 as the destination. That means the reply from the external
server will be coming back to a non-privileged port (above 1024). The ntpd
daemon however uses 123 as both source and destination port, and therefore so
will replies to it.

Maybe the ISP allows incoming UDP packets to non-privileged ports but not to
low port numbers like 123.

Cheers
Tony
-- 
Tony Mountifield
Work: tony@xxxxxxxxxxxxx - http://www.softins.co.uk
Play: tony@xxxxxxxxxxxxxxx - http://tony.mountifield.org
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux