NTP, ntpdate, and ISP-based firewall
Don Levey
fedora-list at the-leveys.us
Thu Mar 4 16:30:40 UTC 2004
fedora-list-admin at redhat.com wrote:
>
> It looks like you have not waited out a couple minutes even. After a
> minute and loose change you should know if it is reachable, though.
>
> You can check that with:
> [root at it ~]# ntpq -n -c peers;ntpq -n -c assoc
> remote refid st t when poll reach delay offset
> jitter
>
============================================================================
> ==
> 127.127.1.0 127.127.1.0 3 l 11 64 17 0.000 0.000
> 0.008
> 132.239.1.6 132.249.20.88 2 u 3 64 17 29.482 -12.287
> 0.550
> +63.192.96.3 63.192.96.10 2 u 13 64 17 51.090 2.395
> 0.008
> *164.67.62.194 .PSC. 1 u 11 64 17 26.581 0.058
> 0.074
> ind assID status conf reach auth condition last_event cnt
> ===========================================================
> 1 1164 9014 yes yes none reject reachable 1
> 2 1165 9014 yes yes none reject reachable 1
> 3 1166 9414 yes yes none candidat reachable 1
> 4 1167 9614 yes yes none sys.peer reachable 1
>
>
> If reach is no then you have troubles. Just why I don't know because
> ntpdate uses the same ports pretty much the same way as ntpd itself.
>
> I prefer to sit in "ntpq" and use the "assoc" and "peers" commands
> more or less alternately to watch the system trying to synch up. It
> takes several minutes for things to settle down. But "reach" should
> get set pretty quickly.
>
> (NOte that it took 17 polls to get to this status. That was almost 18
> minutes. You must have patience IF reach increments each 64 seconds or
> so.)
>
> {^_^}
Well, here's the output I get when I try, after about 12 hours of waiting:
[root at davinci root]# ntpq -n -c peers;ntpq -n -c assoc
remote refid st t when poll reach delay offset
jitter
============================================================================
==
*127.127.1.0 127.127.1.0 10 l 22 64 377 0.000 0.000
0.008
69.22.157.240 0.0.0.0 16 u - 1024 0 0.000 0.000
4000.00
ind assID status conf reach auth condition last_event cnt
===========================================================
1 56708 9624 yes yes none sys.peer reachable 2
2 56709 8000 yes yes none reject
[root at davinci root]#
So I can reach myself, but not anyone else?
I'll try, as someone else suggested, the ISP's DNS server and see if that
helps.
Thanks,
-Don
More information about the fedora-list
mailing list