Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 22 Jan 2004 03:28:25 -0700
From:      "Edward Aronyk" <earonyk@360i.ca>
To:        <freebsd-questions@freebsd.org>
Subject:   RE: NTP doesn't work behind IPF firewall?
Message-ID:  <20040122102744.17B2D615A3@boudica.360i.ca>
In-Reply-To: <E1AjbN2-0006qE-S0@llama.fishballoon.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
If I kill both ntpd processes so the socket is no longer in use, I can
manually set the time with ntpdate. I can't figure out why two ntpd
processes get spawned - it's like that on both servers, and even after a
reboot both appear again...

EA

-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Scott Mitchell
Sent: Thursday, January 22, 2004 2:42 AM
To: 'Edward Aronyk'; freebsd-questions@freebsd.org
Subject: RE: NTP doesn't work behind IPF firewall?

owner-freebsd-questions@freebsd.org wrote:
> I know ntp is running because it updates the driftfile,
> and ps shows it's active:
> 
> # ps -aux | grep ntp
> root           81  0.0  0.2  1328  960  ??  Ss    9Jan04   1:06.65
> /usr/sbin/ntpd -p /var/run/ntpd.pid
> root           83  0.0  0.2  1364  992  ??  S     9Jan04   0:15.67
> /usr/sbin/ntpd -p /var/run/ntpd.pid
> root        47532  0.0  0.0   304  164  p0  R+    2:14AM 0:00.00 grep
> ntp 

I'm not sure why you have 2 ntpd processes running there - I only ever see
one:

(505) llama:~ $ ps uaxww | grep ntpd
root     77934  0.0  0.2  1312  900  ??  Ss   Sun04pm   0:12.45
/usr/sbin/ntpd -p /var/run/ntpd.pid

I'd suggest killing both of those ntpd processes and starting it up again.
Actually, before you restarting, try manually synchronising with one of your
servers, eg:

# ntpdate subitaneous.cpsc.ucalgary.ca

That will at least tell you that you can talk NTP with this server.  I
assume all the servers in your ntp.conf are public ones that your host is
allowed to use?

The firewall rules look OK, although you might want to add 'log' to your
default block rule while diagnosing a problem like this, so you'll be told
if ipf is blocking any of the packets you're interested in.

	Scott

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040122102744.17B2D615A3>