RE: Firewalled NTP on Redhat - ntpdate works, but ntpq doesn't

From: "Young, Mike" <Mike.Young@xxxxxxxxxxxxxx>
Date: Fri, 18 May 2007 15:05:41 -0500

Good info, but does ntpq use different ports than ntpdate? After all, ntpdate works, but ntpq does not.

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Herta Van den Eynde
Sent: Friday, May 18, 2007 2:58 PM
To: General Red Hat Linux discussion list
Subject: Re: Firewalled NTP on Redhat - ntpdate works, but ntpq doesn't

On 18/05/07, Young, Mike <Mike.Young@xxxxxxxxxxxxxx> wrote:

Hello,

I'm seeing an odd NTP problem on a couple of Redhat servers here. Basically the NTP client is on a firewalled DMZ, away from the NTP server. NTP updates via ntpq work fine on the local NTP server subnet, but it isn't working for hosts on the firewalled DMZ. We've checked ports on the firewall, and 123/UDP is open. In addition, we see packets incrementing when we use the "iostat" command in ntpdc, and don't see any dropped or ignored packets in iostat either.

Any ideas?

Thanks,
Mike.

The ntp server uses 123/UDP, the client use ports above 1023.
http://www.unix.org.ua/orelly/networking/firewall/ch08_13.htm suggests
setting up an ntp server on your DMZ.

Kind regards,

Herta

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Follow-Ups:
- Re: Firewalled NTP on Redhat - ntpdate works, but ntpq doesn't
  - From: Herta Van den Eynde

References:
- Re: Firewalled NTP on Redhat - ntpdate works, but ntpq doesn't
  - From: Herta Van den Eynde

Prev by Date: Re: Firewalled NTP on Redhat - ntpdate works, but ntpq doesn't
Next by Date: RE: Firewalled NTP on Redhat - ntpdate works, but ntpq doesn't
Previous by thread: Re: Firewalled NTP on Redhat - ntpdate works, but ntpq doesn't
Next by thread: Re: Firewalled NTP on Redhat - ntpdate works, but ntpq doesn't
Index(es):
- Date
- Thread

Relevant Pages

Re: drift value very large and very unstable
... still be a fluke since the drift was rather unpredictable (but _always_ ... restarted ntp. ... for the refclock 16) and ntpq -crv would be useful. ... kernel on the same exact hardware as was used last night on the Redhat ...
(comp.protocols.time.ntp)
Re: NTP fails synchronization with server at startup
... synchronize with the server at booting. ... not make the connection. ... isn't up when NTP starts. ... Just for info I post a bit of output from ntpq> pe from FC2, ...
(Fedora)
Re: No libntp.so
... we are implementing a NTP supervision for our ATC middleware. ... Without a tty, ntpq itself ... We need to do it for many hosts to calculate a "CLOCK" status for the host, ... Does anyone see any reason why it should be done. ...
(comp.protocols.time.ntp)
Re: No libntp.so
... we are implementing a NTP supervision for our ATC middleware. ... It appears that the whole ntpq call is relatively slow when, ... a libntp.a that nobody seems to package though. ... The question of course would be: Will you merge such Makefile patches from us ...
(comp.protocols.time.ntp)
Re: No libntp.so
... Do not use ntpq. ... Does anyone see any reason why it should be done. ... irrelevant since I have absolutely no control over what goes into ntp. ... (which will be Free Software later on), ...
(comp.protocols.time.ntp)