> I don't suppose this is the right place to ask, but I hope you won't mind
> too much. Perhaps I'm just not looking in the right place, though I've been
> through the extensive ntp documentation with the proverbial tooth comb but
> still can't find what I need.
>
> I'm putting a new iDEQ box to work as my replacement firewall and gateway,
> and I've got as far as setting up an ntpd on it for my network to use.
> Naturally, I don't want it to listen on the external interface, so I've
> uncommented the appropriate lines in /etc/ntpd.conf to restrict what
> addresses are listened to. All with no effect: the system log shows ntpd
> listening on two wildcard addresses and, specifically, my external address,
> as well as the (intended) internal one. How on earth do I get the program
> to obey its own configuration declarations?
>
> I'd prefer to use chrony, but it hasn't been ported to amd64 yet so I have
> to make do with ntpd. Any clues, anyone?
>
> --
> Rgds
> Peter.
> --
> gentoo-amd64@g.o mailing list
>
Following are the non-comment lines from my /etc/ntp.conf. I have changed
the values that define the real external server that I sync with. My guess
is you are missing the "restrict default ignore" line in yours. My policy is
for one machine to sync with the external world, but not to serve to the
external world. Internally other machines sync against this machine.
I do have a firewall between the local ntp server that blocks all externally
initiated traffic so maybe I have a bug in my config that has never been
probed, but I have been using a variant of this for many years - pre-gentoo.

server ntp.extern.server prefer #dmf 2004-08-17
server 127.127.1.0 #local clock a la Fedora 2
fudge 127.127.1.0 stratum 10 #a la Fedora 2

driftfile /var/lib/ntp/ntp.drift

restrict default ignore

restrict 127.0.0.1 # allow local control

restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap #allow local network machines to sync to us
restrict 999.888.0.0 mask 255.255.0.0 nomodify #so we can sync with external server

Dave F

--
gentoo-amd64@g.o mailing list
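
An added example, not part of either message: a small Python evaluator for the restrict lines in the reply above, showing which flags ntpd would apply to a packet from a given source address. It assumes ntpd's documented behaviour that the most specific matching entry wins and that an omitted mask means a single host; 203.0.113.0/24 is a constructed stand-in for the masked 999.888.0.0 upstream network, and the function names are illustrative.

```python
import ipaddress

# The restrict lines from the reply. The page masks the upstream network as
# 999.888.0.0, which is not a valid address, so the documentation range
# 203.0.113.0/24 stands in for it here (constructed placeholder).
NTP_CONF = """\
restrict default ignore
restrict 127.0.0.1 # allow local control
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap #local network
restrict 203.0.113.0 mask 255.255.255.0 nomodify #upstream server
"""

def parse_restrict(conf):
    """Return [(network, flags)] for every IPv4 'restrict' line in conf."""
    rules = []
    for raw in conf.splitlines():
        tokens = raw.split("#", 1)[0].split()      # drop trailing comments
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        addr, rest = tokens[1], tokens[2:]
        mask = "255.255.255.255"                   # no mask: a single host
        if rest[:1] == ["mask"]:
            mask, rest = rest[1], rest[2:]
        net = "0.0.0.0/0" if addr == "default" else f"{addr}/{mask}"
        rules.append((ipaddress.ip_network(net), frozenset(rest)))
    return rules

def flags_for(rules, source):
    """Flags applied to a packet from source: the most specific match wins."""
    ip = ipaddress.ip_address(source)
    matches = [rule for rule in rules if ip in rule[0]]
    # With no matching entry, ntpd's built-in default carries no flags.
    best = max(matches, key=lambda r: r[0].prefixlen, default=(None, frozenset()))
    return best[1]

def can_sync(rules, source):
    """True if time requests from source are answered."""
    return not (flags_for(rules, source) & {"ignore", "noserve"})

def may_modify(rules, source):
    """True if no restrict flag denies reconfiguration requests from source
    (authentication of such requests is a separate control)."""
    return not (flags_for(rules, source) & {"ignore", "noquery", "nomodify"})

if __name__ == "__main__":
    rules = parse_restrict(NTP_CONF)
    for src in ("127.0.0.1", "192.168.0.42", "203.0.113.7", "198.51.100.9"):
        print(src, sorted(flags_for(rules, src)),
              "sync" if can_sync(rules, src) else "dropped",
              "modify" if may_modify(rules, src) else "read-only/none")
```

restrict filters packets by source address after they arrive; it does not change which addresses ntpd listens on.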