From: Charles Bacon
To: Nick Withers
Cc: questions@freebsd.org, Chuck Bacon
Date: Sun, 2 Jul 2006 18:02:53 -0400 (EDT)
Subject: Re: Getting NTP (ntpd, ntpdate) to work

Thanks for the return!  I've discovered my ISP has apparently shut off
port 123 (NTP), and if I do
    ntpdate -u ntp.cape.com
I get my time set!  But ntpq lacks ntpdate's option to use an unprivileged
port.  I guess time is come to ask my ISP.  (Shouldn't I have done that
before :-]

Again thanks!
Chuck Bacon -- crtb@cape.com
ABHOR SECRECY -- DEFEND PRIVACY

PS: Yes, I use netmask 255.255.255.240 (0xfffffff0); a vain hope that
there's a tiny increment of security in it, and a belief in the
definitions of net classes.

On Sun, 18 Jun 2006, Nick Withers wrote:

> On Sat, 17 Jun 2006 21:30:55 -0400 (EDT)
> Charles Bacon wrote:
>
>> Since FreeBSD 4.5-Release, I have been unable to get NTP working on
>> my two FreeBSD computers, one running 5.3Release and the other on
>> 6.1Release. I have done nothing with the GENERIC kernel on either
>> machine. I talk SSH between them, and have been running ntpd on
>> both, each naming the other as well as two external servers.
>>
>> My network is a typical home net, using 192.168.1/28,
>
> You mean /24 (i.e.: 255.255.255.0, Class C), yeah?
>
>> served by a DSL router which does NAT for my external traffic.
>> Internal comms. is through switches, plus one hub. Each computer
>> (plus some others running Windows) has easy access out, and is
>> invisible from the Internet except for responses.
>>
>> Here's my ntp.conf, identical on my two computers:
>>
>> server ntp.cape.com
>> server ntp.ourconcord.net
>> driftfile /var/db/ntp.drift
>> logfile /var/log/ntplog
>> pidfile /var/run/ntpd.pid
>> logconfig =all
>> peer 192.168.1.3
>> peer 192.168.1.2 (much comments removed)
>>
>> With mediocre diagnostic skill, I have finally discovered tcpdump.
>> It told me after much experiment, that the relevant port (NTP, 123) was
>> unreachable. This sounds significant, but I can't find a list of the
>> reachability of ports.
>
> Try netstat(1). "netstat -anp udp" might be of help in
> particular, here.
>
>> I've looked at ng*, mac_* and pf* and finally bpf*, and only the last seems
>> to exist in /dev.
>>
>> I had expected that GENERIC would impose only slight filtering somehow,
>> and certainly not shut off NTP! I guess I need help.
>
> If you've loaded a firewall such as IPFW in /etc/rc.conf a
> kernel module will be loaded for it, if it's not compiled
> statically into the kernel already (which it isn't on GENERIC
> for either 5.3-RELEASE or 6.1-RELEASE). "kldstat" will list
> loaded modules (and the IPFW module is ipfw.ko).
>
>> Thanks for any help you can give, and I accept any opprobrium for trying
>> to be a sysadmin, even for my home boxen.
>>
>> Chuck Bacon -- crtb@cape.com
>> ABHOR SECRECY -- DEFEND PRIVACY
> --
> Nick Withers
> email: nick@nickwithers.com
> Web: http://www.nickwithers.com
> Mobile: +61 414 397 446
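
Added example (not part of the thread and not code from either poster): a small probe that reproduces the difference the message above describes, by querying an NTP server once from an ephemeral source port (as "ntpdate -u" does) and once from source port 123 (as ntpd and plain ntpdate do). The function names, verdict strings and SAMPLE_REPLY packet are constructed for illustration; the server name is supplied on the command line.

```python
import socket
import sys

NTP_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

# Constructed server reply: LI=0, VN=3, Mode=4 (server), stratum 2,
# transmit timestamp 1151877773 (Unix time); all other fields zeroed.
SAMPLE_REPLY = bytes([0x1C, 2]) + bytes(38) + (NTP_DELTA + 1151877773).to_bytes(4, "big") + bytes(4)

def build_request(version=3):
    """48-byte client request: LI=0, VN=version, Mode=3 (client), rest zero."""
    return bytes([(version << 3) | 3]) + bytes(47)

def parse_reply(data):
    """Return (mode, stratum, unix_seconds) taken from a 48-byte NTP reply."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    secs = int.from_bytes(data[40:44], "big")   # transmit timestamp, integer part
    frac = int.from_bytes(data[44:48], "big")   # transmit timestamp, fraction
    return data[0] & 0x07, data[1], secs - NTP_DELTA + frac / 2**32

def probe(server, source_port=0, timeout=3.0):
    """One query from source_port: 0 = ephemeral (what ntpdate -u does),
    123 = what ntpd and plain ntpdate use (binding it needs root).
    Returns the parsed reply, or None if nothing came back in time."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("", source_port))
        s.sendto(build_request(), (server, 123))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return None
    return parse_reply(data)

def diagnose(unpriv, priv):
    """Turn the two probe results into a verdict."""
    if unpriv and priv:
        return "path clear: look at the local ntpd configuration instead"
    if unpriv:
        return "source port 123 is filtered upstream: ntpdate -u works, ntpd cannot sync"
    if priv:
        return "only source port 123 gets replies: unusual, check the local firewall"
    return "no reply at all: server down or all NTP traffic dropped"

if __name__ == "__main__":
    host = sys.argv[1]  # NTP server to test, supplied by the user
    print(diagnose(probe(host), probe(host, 123)))
```

Run it as root with ntpd stopped, since the second probe has to bind local UDP port 123 and fails with "address already in use" while ntpd holds it.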