| 1 |
> I don't suppose this is the right place to ask, but I hope you won't mind |
| 2 |
> too much. Perhaps I'm just not looking in the right place, though I've been |
| 3 |
> through the extensive ntp documentation with the proverbial tooth comb but |
| 4 |
> still can't find what I need. |
| 5 |
> |
| 6 |
> I'm putting a new iDEQ box to work as my replacement firewall and gateway, |
| 7 |
> and I've got as far as setting up an ntpd on it for my network to use. |
| 8 |
> Naturally, I don't want it to listen on the external interface, so I've |
| 9 |
> uncommented the appropriate lines in /etc/ntpd.conf to restrict what |
| 10 |
> addresses are listened to. All with no effect: the system log shows ntpd |
| 11 |
> listening on two wildcard addresses and, specifically, my external address, |
| 12 |
> as well as the (intended) internal one. How on earth do I get the program |
| 13 |
> to obey its own configuration declarations? |
| 14 |
> |
| 15 |
> I'd prefer to use chrony, but it hasn't been ported to amd64 yet so I have |
| 16 |
> to make do with ntpd. Any clues, anyone? |
| 17 |
> |
| 18 |
> -- |
| 19 |
> Rgds |
| 20 |
> Peter. |
| 21 |
> -- |
| 22 |
> gentoo-amd64@g.o mailing list |
| 23 |
> |
| 24 |
Following are the non-comment lines from my /etc/ntp.conf. I have changed |
| 25 |
the values that define the real external server that I sync with. My guess |
| 26 |
is you are missing the "restrict default ignore" line in yours. My policy is |
| 27 |
for one machine to sync with the external world, but not to serve to the |
| 28 |
external world. Internally other machines sync against this machine. |
| 29 |
I do have firewall between the local ntp server that blocks all externally |
| 30 |
initiated traffic so maybe I have a bug in my config that has never been |
| 31 |
probed, but I have been using a variant of this for many years - pre-gentoo. |
| 32 |
|
| 33 |
|
| 34 |
server ntp.extern.server prefer #dmf 2004-08-17 |
| 35 |
server 127.127.1.0 #local clock a la Fedora 2 |
| 36 |
fudge 127.127.1.0 stratum 10 #a la Fedora 2 |
| 37 |
|
| 38 |
|
| 39 |
driftfile /var/lib/ntp/ntp.drift |
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
restrict default ignore |
| 44 |
|
| 45 |
|
| 46 |
restrict 127.0.0.1 # allow local control |
| 47 |
|
| 48 |
|
| 49 |
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap #allow local network machines to sync to us |
| 50 |
restrict 999.888.0.0 mask 255.255.0.0 nomodify #so we can sync with external server |
| 51 |
|
| 52 |
Dave F |
| 53 |
|
| 54 |
-- |
| 55 |
gentoo-amd64@g.o mailing list |
Archives