Message-ID: <41A63537.8090300@Metrol.net>
Date: Thu, 25 Nov 2004 11:40:39 -0800
From: Michael Collette
To: freebsd-questions@freebsd.org
Subject: Time sync with NTP questions

On my network I have a machine in my DMZ I wish to use NTP to synchronize to a public server for its time. I then want to have another machine in my private network synchronize time to this box in the DMZ. From there I want to have all my other machines in my private network to sync in to it.

Boy I hope that makes sense. Just in case, a fun filled ASCII diagram

    Public NTP Server
            |
        DMZ Server
            |
      Private Server
            |
    All the rest of my servers

All my boxes are running 5.3-STABLE.

I have my DMZ box connecting to public NTP servers through my firewall now. That part works great. Able to ntpdate and run ntpd. My private server is able to both ntpdate and ntpd to a public server.

What I can't seem to get going here is to have the private server synchronize to the DMZ server with NTP. Also can't get other machines to sync in with what I want to be my primary NTP server on the private network.

Heck, I can't seem to get any two FreeBSD boxes to sync with each other. I've also been trying to get this to play with two boxes on the same subnet. I can get one box to sync to another using timed, but I can't seem to get ntp to work. I consistently get...

    "no server suitable for synchronization found"

The client side can query what I'd like to be the ntp server with ntpq, but ntpdate or ntp -q always fail. The client IS able to ntpdate to a public server.

The server has the following rc.conf flags...

    ntpdate_enable="YES"
    ntpdate_flags="ntp.ucsd.edu"
    ntpd_enable="YES"
    ntpd_flags="-A -c /etc/ntp.conf -p /var/run/ntpd.pid -f /etc/ntp/ntpd.drift"

/etc/ntp.conf looks very similar too...

    server ntp.somedomain.com
    restrict ntp.somedomain.com mask 255.255.255.255 nomodify notrap noquery
    restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
    restrict 127.0.0.1
    driftfile /etc/ntp/ntp.drift

There's actually 5 public NTP servers configured in my real ntp.conf and they all seem to work. 192.168.1.0 is, of course, where my clients would query this server.

So what am I missing here to make a working NTP server for my network??

Thanks,

-- 
"In theory, there is no difference between theory and practice.
In practice, there is." - Yogi Berra