Re: Setting Up NTP for Time Sync

From: prg (rdgentry1_at_cablelynx.com)
Date: 01/08/05


Date: 7 Jan 2005 16:38:18 -0800


W. Watson wrote:
> prg wrote:
[snip]

> > OP probably does not have any man pages for ntp on RH9 as the docs were
> > distributed as html files in:
> > file:/usr/share/doc/ntp-[version]/index.htm
> Found a suitable man page on the web.

Your web browser will give you ready access to all the docs via
the link ;-)

> > RH9 came with a firewall preconfigured -- Lokkit -- and unless you've
> > substituted your own script (it checks for Lokkit) /etc/init.d/ntpd
> > will do two things:
> > 1) open a FW hole for ntp
> > 2) automatically call ntpdate using the servers located in
> > /etc/ntp/step-tickers
> Tried the Finnish site mentioned, and got the same message. Noted in
> another message just posted minutes ago.
> I've made no changes to the script file that I know of. What is it called?

No changes is good in this case ;-)

Lokkit is just RH's "name" for their FW script. In /etc/rc.d/init.d
you will find all the startup/boot init scripts. The FW script is
called iptables after the command "iptables" that manipulates the
packet filter facilities included with Linux.

The /etc/init.d/ntpd script is the one run when ntpd is started.

> How do I tell if Lokkit is running?

From X terminal/console:
$ su - << note dash
[enter root password]
# service iptables status

If it is running you'll see the tables printed to screen. If it is not
running you'll get the message "Firewall is stopped." If by some
accident you don't have any tables you'll see "Firewall is not
configured."

> If it is, then I think you are suggesting that I add a script that
> will open the FW for ntp. Someone mentioned step-tickers earlier
> with an example. I need to review what that's about.

Actually, the script is already in place and ready to go. The
/etc/ntp/step-tickers config file is initially blank -- as in 0 bytes.
It holds the name of a single time server to contact _before_ ntpd
starts in order to set your time very quickly from an accurate source.
Allows your ntpd to synch much more rapidly.

To tell the truth, a more normal day has restored a few brain cells and
made me realize that we are making this more difficult for you than
need be. RH has scripts that will set up ntpd and initialize your
configuration with two selections in a gui -- then poof ;-)

From an X terminal/console:
$ su -
[enter root password]
# redhat-config-date

In the gui that pops up, check "Enable Network Time Protocol" and in
the dropdown list select "clock.redhat.com" if you have access to the
internet with the Linux box. If not you can try the IP address of your
XP box. Click OK and RH will arrange the rest. You should get a
message telling you to wait while it gets the date/time from the time
server.

Nice thing is that it will set up these files with useful values that
will act as a guide if you need/decide to edit by hand:
/etc/ntpd.conf
/etc/ntp/step-tickers
/etc/ntp/ntpservers
/etc/ntp/drift

[root]# service ntpd status
ntpd (pid 3216) is running...

And as a part of the startup process it will run the /etc/init.d/ntpd
script and will modify your iptables rules (Lokkit) to open the
firewall to ntp traffic. No muss, no fuss. Broke down my old system
here and just used it.

[root]# service iptables status
Chain RH-Lokkit-0-50-INPUT (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spt:ntp dpt:ntp
yada yada yada ...

When you get in the habit of using commandline tools and editing files
by hand so much it's easy to forget that some of the gui tools really
do work pretty well for the inexperienced. In fact, I feel like a
dufus for not thinking about it and checking earlier.

This should set up your Linux box for ntp. Now your XP box...
hth,
prg
email above disabled
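
An added example, not part of the original post: a small shell check that classifies the `service iptables status` text described above and reports whether the NTP hole is open, and whether it is open to any source. The function name, the state labels and both sample inputs are constructed for illustration; the first sample reuses the rule line quoted in the post.

```shell
#!/bin/sh
# Classify `service iptables status` output (RH9 wording as quoted in the post).
# Reads the status text on stdin and prints exactly one of:
#   stopped | unconfigured | ntp-open-any | ntp-open-restricted | ntp-closed
# Live use on the box itself (as root):  service iptables status | ntp_fw_state
ntp_fw_state() {
    awk '
        /Firewall is stopped/        { state = "stopped" }
        /Firewall is not configured/ { state = "unconfigured" }
        # Rule lines: target prot opt source destination [match options...]
        $1 == "ACCEPT" && $2 == "udp" {
            for (i = 6; i <= NF; i++)
                if ($i == "dpt:ntp" || $i == "dpt:123") {
                    found = 1
                    # "anywhere" (or 0.0.0.0/0 in numeric listings) = any source
                    if ($4 == "anywhere" || $4 == "0.0.0.0/0") any = 1
                }
        }
        END {
            if (state != "") print state
            else if (any)    print "ntp-open-any"
            else if (found)  print "ntp-open-restricted"
            else             print "ntp-closed"
        }'
}

# Constructed sample 1: the Lokkit rule exactly as shown in the post.
SAMPLE_PAGE='Chain RH-Lokkit-0-50-INPUT (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spt:ntp dpt:ntp'

# Constructed sample 2: same rule limited to one time server
# (192.0.2.10 is a documentation address, not a real server).
SAMPLE_RESTRICTED='Chain RH-Lokkit-0-50-INPUT (1 references)
target prot opt source destination
ACCEPT udp -- 192.0.2.10 anywhere udp spt:ntp dpt:ntp'

printf '%s\n' "$SAMPLE_PAGE" | ntp_fw_state
printf '%s\n' "$SAMPLE_RESTRICTED" | ntp_fw_state
```
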


