List Archive: gentoo-amd64
> I don't suppose this is the right place to ask, but I hope you won't mind
> too much. Perhaps I'm just not looking in the right place, though I've been
> through the extensive ntp documentation with the proverbial tooth comb but
> still can't find what I need.
> I'm putting a new iDEQ box to work as my replacement firewall and gateway,
> and I've got as far as setting up an ntpd on it for my network to use.
> Naturally, I don't want it to listen on the external interface, so I've
> uncommented the appropriate lines in /etc/ntpd.conf to restrict what
> addresses are listened to. All with no effect: the system log shows ntpd
> listening on two wildcard addresses and, specifically, my external address,
> as well as the (intended) internal one. How on earth do I get the program
> to obey its own configuration declarations?
> I'd prefer to use chrony, but it hasn't been ported to amd64 yet so I have
> to make do with ntpd. Any clues, anyone?
> firstname.lastname@example.org mailing list
Following are the non-comment lines from my /etc/ntp.conf. I have changed
the values that define the real external server that I sync with. My guess
is you are missing the "restrict default ignore" line in yours. My policy is
for one machine to sync with the external world, but not to serve to the
external world. Internally other machines sync against this machine.
I do have a firewall between the local ntp server that blocks all externally
initiated traffic, so maybe I have a bug in my config that has never been
probed, but I have been using a variant of this for many years - pre-Gentoo.
server ntp.extern.server prefer #dmf 2004-08-17
server 127.127.1.0 #local clock a la Fedora 2
fudge 127.127.1.0 stratum 10 #a la Fedora 2
restrict default ignore
restrict 127.0.0.1 # allow local control
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap #allow local network machines to sync to us
restrict 999.888.0.0 mask 255.255.0.0 nomodify #so we can sync with external server
email@example.com mailing list
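
To check what a set of restrict lines like the ones above actually grants to a given source address, the following added example (not part of the original post or of ntpd) parses the restrict entries and reports the flags that apply to each client. It assumes most-specific-match as a simplified model of ntpd's lookup, uses a constructed sample config with 203.0.113.0/24 standing in for the upstream network, and the helper names are hypothetical. Note that restrict entries filter packets by source address; they do not change which local addresses ntpd binds to.

```python
import ipaddress

# Constructed sample modelled on the reply's policy. 203.0.113.0/24 is a
# documentation range standing in for the upstream server's real network.
SAMPLE_CONF = """\
server ntp.extern.server prefer
restrict default ignore
restrict 127.0.0.1  # allow local control
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap
restrict 203.0.113.0 mask 255.255.255.0 nomodify
"""

def parse_restrict(conf_text):
    """Return [(network, flags)] for each IPv4 'restrict' line."""
    rules = []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        addr, rest = tokens[1], tokens[2:]
        if addr == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        elif len(rest) >= 2 and rest[0] == "mask":
            net = ipaddress.ip_network(f"{addr}/{rest[1]}", strict=False)
            rest = rest[2:]
        else:  # no mask given: the entry covers a single host
            net = ipaddress.ip_network(f"{addr}/32")
        rules.append((net, frozenset(rest)))
    return rules

def flags_for(rules, source):
    """Flags of the most specific matching rule, or None if none matches.

    Assumption: longest-prefix match is a simplified model of ntpd's lookup.
    """
    ip = ipaddress.ip_address(source)
    hits = [(net.prefixlen, flags) for net, flags in rules if ip in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def verdict(rules, source):
    flags = flags_for(rules, source)
    if flags is None:
        return "served, unrestricted"
    if "ignore" in flags:
        return "ignored"
    return "served, flags: " + (" ".join(sorted(flags)) or "none")

if __name__ == "__main__":
    rules = parse_restrict(SAMPLE_CONF)
    for src in ("127.0.0.1", "192.168.0.42", "203.0.113.5", "198.51.100.7"):
        print(f"{src:15} {verdict(rules, src)}")
```

Running it against a copy of the config with the `restrict default ignore` line removed shows the arbitrary external address changing from ignored to unrestricted.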