FreeBSD Mail Archives

Date:      Mon, 26 May 2008 15:54:28 -0400
From:      Jon Radel <jon@radel.com>
To:        Jim Stapleton <stapleton.41@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ntpd - I'm sure I'm setting it up wrong, but I can't figure out how.
Message-ID:  <483B1574.4060409@radel.com>
In-Reply-To: <80f4f2b20805261149g12b768a8m971444fa75bf1b1f@mail.gmail.com>
References:  <80f4f2b20805261002x3a875b36s88dc1ea4b38bca87@mail.gmail.com>	<FD7CA713-CF49-4DD5-9B54-951CBE372584@mac.com> <80f4f2b20805261149g12b768a8m971444fa75bf1b1f@mail.gmail.com>


[-- Attachment #1 --]
Jim Stapleton wrote:
> On Mon, May 26, 2008 at 2:02 PM, Chuck Swiger <cswiger@mac.com> wrote:
>> On May 26, 2008, at 10:02 AM, Jim Stapleton wrote:
>>> I'm trying to run ntpd to auto-update my computer's time (since I'm
>>> not supposed to use ntpdate).
>>>
>>> /etc/ntp.conf (I've tried without the restrict line):
>>> ========================================
>>> server sushi.lyon.edu
>>> restrict default ignore
>>> driftfile /var/db/ntp.drift
>>> ========================================
>> Your configuration is blocking all NTP traffic and commands, even from
>> localhost.  See:
> 
> Thanks, that fixed the issue.

I was also going to point out that I don't believe that the -f option 
does you much good unless, at some point, you've run ntpd as a daemon 
for a minimum of several hours or have otherwise put a decent drift 
value for your specific hardware into the file you reference.  If you 
care about accurate time, you may wish to just go ahead and run ntpd the 
"normal" way with a bunch of servers; an earlier reply gave you what to 
put into into /etc/rc.conf.

If so, I'd suggest

restrict default nomodify notrap nopeer
restrict -6 default nomodify notrap nopeer

where the 2nd line is a really good idea if you've got any ipv6 at all, 
instead of just removing the restrict line entirely.  This will block 
the worst abuse.  (Yes, the 1st line has no effect on what ntpd does 
with packets that arrive via ipv6 and, if I had to guess, I'd say there 
are an awful lot of FreeBSD servers out there that can have their ntpd 
"twiddled" from the local network. ;-)

--Jon Radel

[-- Attachment #2 --]
0�	*�H��
��0�10	+0�	*�H��
��	10��0�\�m����t�������v0
	*�H��
0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0
080324165921Z
090324165921Z0^10URadel10U*
Jon Thomas10UJon Thomas Radel10	*�H��
	
jon@radel.com0�"0
	*�H��
�0�
��t,P���p�#�
٬q�_�2�=�L����-^m�>�z3�����ʟV�!��[(�[ A���o������E��}ϛ�3/��6�?񥃮�c��W�x(/��)'�$6�s�T�l<*�i��'��=���uox�Mbt�
���r�dtn��x��ud���1�R6����T����>z�U0���FZ,v�N�9�NP{�>q�E�`^���P;	�*Wg/jN*O�V�ՠ��Q����M���B�(�=����:����
��*0(0U0�
jon@radel.com0U�00
	*�H��
����h�!o�ܨ��[�А!f�N#[�Z�
�b$3?�x&��$�~Ħ9�}`�MX[It}�/�b�XZa����jgx���ɥ��' �2N��rt�WA�r �sFި��'���^@mDVw\��)����0��0�\�m����t�������v0
	*�H��
0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0
080324165921Z
090324165921Z0^10URadel10U*
Jon Thomas10UJon Thomas Radel10	*�H��
	
jon@radel.com0�"0
	*�H��
�0�
��t,P���p�#�
٬q�_�2�=�L����-^m�>�z3�����ʟV�!��[(�[ A���o������E��}ϛ�3/��6�?񥃮�c��W�x(/��)'�$6�s�T�l<*�i��'��=���uox�Mbt�
���r�dtn��x��ud���1�R6����T����>z�U0���FZ,v�N�9�NP{�>q�E�`^���P;	�*Wg/jN*O�V�ՠ��Q����M���B�(�=����:����
��*0(0U0�
jon@radel.com0U�00
	*�H��
����h�!o�ܨ��[�А!f�N#[�Z�
�b$3?�x&��$�~Ħ9�}`�MX[It}�/�b�XZa����jgx���ɥ��' �2N��rt�WA�r �sFި��'���^@mDVw\��)����0�?0���
0
	*�H��
0��10	UZA10UWestern Cape10U	Cape Town10U
Thawte Consulting1(0&UCertification Services Division1$0"UThawte Personal Freemail CA1+0)	*�H��
	personal-freemail@thawte.com0
030717000000Z
130716235959Z0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0��0
	*�H��
��0����Ħ<UsU�N�ʙZh�up��������[�v�:a�Q���P
0�cZ,�p����+�Z�?qV˯<���6$*�+��w=�+��>�@�dק���e��*T�H���<a@dr`�����0��0U�0�0CU<0:08�6�4�2http://crl.thawte.com/ThawtePersonalFreemailCA.crl0U0)U"0 �010UPrivateLabel2-1380
	*�H��
��H��P��.�
�f�g�����C���L!��6�-�6/��P �p<���ab��:~�����t�%P�b��'qW%�ݩ�9�� Oe_�������N���4�[5Mw�V!x��!5�$��F�]_eO1�d0�`0v0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CAm����t�������v0	+���0	*�H��
	1	*�H��
0	*�H��
	1
080526195428Z0#	*�H��
	1���?�y`�Ea(�|F̥r!0R	*�H��
	1E0C0
*�H��
0*�H��
�0
*�H��
@0+0
*�H��
(0��	+�71x0v0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CAm����t�������v0��*�H��
	1x�v0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CAm����t�������v0
	*�H��
�BW1��^b��2e�#��x�B���x�Eu��K^}�M��{��R��*o0�h���Ұ�Ms� �D�lXH�Vڂ���&��g�[R/�� ���Q� ��nW������+�z^�z�""	��p��
�o��x�x������FY��){l���*�r3�-R���IԿ�?/�Z�6��vPfc4���Aq���I�Qp��>�i;/�?W/ζ�����s����-ф(�����#�L�$ 
y�e��Fp�إ

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?483B1574.4060409>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation