Date: Thu, 12 May 2005 07:52:10 -0700 (PDT)
From: Rob <spamrefuse@yahoo.com>
To: FreeBSD questions <freebsd-questions@freebsd.org>
Subject: Re: NTP issues with 5.4
Message-ID: <20050512145211.15345.qmail@web54002.mail.yahoo.com>

Michal Mertl wrote:
> I have been doing upgrades from source for ages and
> never had a problem. It is a documented process and
> I only upgraded some of the computers from 5.3 to
> 5.4, e.g. not across major versions.

I'm running 5-Stable, and each time I restart my router/gateway/server (also ntpd server), I have trouble getting the ntpd server to operate properly. I still haven't figured out what's going wrong.

Somehow ntpd can't access the external servers; during that time it will also refuse to be the server to my local network (so the PCs on my local network are also in ntpd trouble). After some time (hours or days) it suddenly seems to work, like magic.

No, no, it's not that the time is off too much. All PCs involved here are running approximately the correct time; at most 10 seconds off.

However, I noticed something strange this week: I had again rebooted my router/server and the ntpd was 'out-of-order', as usual. I ran tcpdump on the external internet interface to monitor the activity on port 123, and I noticed something strange. My ntpd server was initializing itself by sending out UDP requests not from port 123, but from a high port number, like this for example:

   my.gate.way:5045 > ext.ntp.server:123
   ext.ntp.server:123 > my.gate.way:5045

So my server was sending UDP requests from the high port number to the ntp server on port 123. The ntp server then answered the UDP request from port 123 to the high-numbered port on my server. Because my firewall allows ntp/udp communication only via port 123, this communication was blocked. I guess this was causing my ntpd server to hang kind of indefinitely.

When I opened up my firewall, the ntpd server suddenly made contact and all was fine. A little later, I ran the same tcpdump again, and found out that now both my gateway/server and the external ntp server were communicating via port 123. So I switched my firewall on again, and ntpd was still very happy, because now the ntp/udp communication all went via port 123.

Once ntpd had been running for some time on the gateway, it suddenly started to function as a server to my local network; there is some delay here, as if the ntpd server on my gateway has to stabilize for some time first.

Any comments on this? My gateway is a production server, so I can't do too many experiments with rebooting the system ;(.

Regards,
Rob.
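
The filtering behaviour described in the message, as an added example that is not part of the original post: a small simulation that runs the quoted tcpdump lines through a stateless rule requiring port 123 on both ends, a looser stateless rule, and a stateful rule that only passes replies to the gateway's own queries. The function names, the extra sample packets and the `other.host` name are assumptions made for illustration; state expiry and the gateway's role as a server for the local network are not modelled.

```python
# Added illustration, not from the original message. Packets are constructed
# sample data based on the two tcpdump lines quoted in the message.
from typing import NamedTuple

NTP_PORT = 123

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

def parse(line):
    """Parse 'host:port > host:port' as written in the message."""
    left, right = (side.strip() for side in line.split(">"))
    src, sport = left.rsplit(":", 1)
    dst, dport = right.rsplit(":", 1)
    return Packet(src, int(sport), dst, int(dport))

def stateless_both_123(packets, gateway):
    """Rule from the message: pass only when both ports are 123."""
    return [p.sport == NTP_PORT and p.dport == NTP_PORT for p in packets]

def stateless_either_123(packets, gateway):
    """Looser rule: pass anything with 123 on either end, solicited or not."""
    return [NTP_PORT in (p.sport, p.dport) for p in packets]

def stateful_outbound_ntp(packets, gateway):
    """Pass the gateway's queries to port 123 from any source port, record
    the flow, and pass other packets only if they reverse a recorded flow."""
    flows, verdicts = set(), []
    for p in packets:
        if p.src == gateway and p.dport == NTP_PORT:
            flows.add(p)
            verdicts.append(True)
        else:
            verdicts.append(Packet(p.dst, p.dport, p.src, p.sport) in flows)
    return verdicts

SAMPLE = [parse(line) for line in (
    "my.gate.way:5045 > ext.ntp.server:123",   # startup query, high port
    "ext.ntp.server:123 > my.gate.way:5045",   # its reply
    "my.gate.way:123 > ext.ntp.server:123",    # later 123-to-123 exchange
    "ext.ntp.server:123 > my.gate.way:123",
    "other.host:123 > my.gate.way:5045",       # unsolicited inbound packet
)]

if __name__ == "__main__":
    for rule in (stateless_both_123, stateless_either_123, stateful_outbound_ntp):
        print(f"{rule.__name__:22}", rule(SAMPLE, "my.gate.way"))
```

Only the stateful rule passes the high-port startup exchange while still dropping the unsolicited packet from source port 123.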