ntpd configuration

Jozef Babjak babjak at hilbert.chtf.stuba.sk
Wed Dec 8 09:37:43 CET 2004


Hello,

I have been successfully running an NTP server for a long time, and since
I diligently comment my config files, here they are, [almost ;-)] unchanged.

/etc/ntpd.conf

server 217.11.227.68 iburst #ntp.karpo.cz
server 81.0.239.181  iburst #ntp.cgi.cz
server 81.95.96.3    iburst #ntp.globe.cz

driftfile /var/db/ntp.drift

# All servers are denied by default; a kiss-of-death packet is sent to them.
restrict default ignore kod

# The servers listed in the server directive have full rights
restrict 217.11.227.68
restrict 81.0.239.181 
restrict 81.95.96.3

# The following networks may set their time from this server:
restrict xxx.xxx.0.0 mask 255.255.0.0 notrust nomodify notrap
restrict yyy.yyy.0.0 mask 255.255.0.0 notrust nomodify notrap

In combination with the ipf firewall (everything is blocked by default),
/etc/ipf.rules:

[...]

# This machine is an NTP client:
pass out on ed1 proto udp from any to any port = ntp keep state keep frags

# This machine is an NTP server:
pass in on ed1 proto udp from xxx.xxx.0.0/16 to IP.AD.RE.SA/32 port = ntp keep state keep frags

pass in on ed1 proto udp from yyy.yyy.0.0/16 to IP.AD.RE.SA/32 port = ntp keep state keep frags

[...]

where IP.AD.RE.SA is the local address of the NTP server.

As Mr. Lukes already wrote, using stratum 1 NTP servers is really a bad
idea; they are usually "far away" and there are laggy networks between us
and them. A stratum 2 or even stratum 3 server that sits on a reliable
network only a few hops away is a good choice. All the servers listed above
are stratum 2, and one of them even runs on FreeBSD :-))).

J. 


On Tue, Dec 07, 2004 at 11:38:10PM +0100, Petr Spodniak wrote:
> Hello.
> 
> I can't get the NTP server running. All servers are rejected (see the
> ntpq output).
> 
> # cat /etc/ntp.conf
> driftfile /var/db/ntp.drift
> server 195.113.144.201 minpoll 8 maxpoll 16 prefer
> server ntp1.ptb.de minpoll 8 maxpoll 16
> server ntp.certum.pl minpoll 8 maxpoll 16
> server ntp.karpo.cz minpoll 8 maxpoll 16
> logconfig =all
> 
> # ntpq -p 
>      remote           refid      st t when poll reach   delay   offset  jitter
> ==============================================================================
>  195.113.144.201 .GPS.            1 u    9  256    1    2.409   34.094   0.001
>  192.53.103.103  .PTB.            1 u   19  256    1   30.416   34.305   0.001
>  217.153.69.35   .PPS.            1 u   12  256    1   60.459   38.607   0.001
>  217.11.227.68   130.149.17.8     2 u   12  256    1    2.390   34.032   0.001
> 
> # ntpq -c as
> ind assID status  conf reach auth condition  last_event cnt
> ==========================================================
>   1 43492  9014   yes   yes  none    reject   reachable  1
>   2 43493  9014   yes   yes  none    reject   reachable  1
>   3 43494  9014   yes   yes  none    reject   reachable  1
>   4 43495  9014   yes   yes  none    reject   reachable  1
> 
> # ntpq -p  -c rl
> status=c011 sync_alarm, sync_unspec, 1 event, event_restart,
> version="ntpd 4.1.0-a Wed Oct  9 12:19:42 GMT 2002 (1)",
> processor="i386", system="FreeBSD4.7-RELEASE", leap=11, stratum=16,
> precision=-20, rootdelay=0.000, rootdispersion=0.315, peer=0,
> refid=0.0.0.0, reftime=00000000.00000000  Thu, Feb  7 2036  7:28:16.000,
> poll=4, clock=c560ad36.ad23b363  Tue, Dec  7 2004 23:29:10.676, state=0,
> offset=0.000, frequency=0.000, jitter=0.001, stability=0.000
> 
> 
> 
> Can anyone think of what might be wrong?
> 
> Thanks in advance for your help.
> 
> 
> -- 
> Petr Spodniak <pspodniak at broadnet.cz>
> -- 
> FreeBSD mailing list (users-l at freebsd.cz)
> http://www.freebsd.cz/listserv/listinfo/users-l
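
Added example (not part of either message and not ntpd's own code): a small
Python evaluator for the restrict lines in the reply's ntp.conf, using the
lookup rule documented for ntpd (list sorted by address, then mask; the last
matching entry defines the flags). The client networks are masked on the page,
so 10.1.0.0 and 10.2.0.0 are constructed stand-ins, as are the test sources.

```python
import ipaddress

# restrict lines from the reply above; 10.1.0.0 / 10.2.0.0 are constructed
# stand-ins for the masked xxx.xxx.0.0 / yyy.yyy.0.0 networks.
NTP_CONF = """
restrict default ignore kod
restrict 217.11.227.68
restrict 81.0.239.181
restrict 81.95.96.3
restrict 10.1.0.0 mask 255.255.0.0 notrust nomodify notrap
restrict 10.2.0.0 mask 255.255.0.0 notrust nomodify notrap
"""

def parse_restrict(conf):
    """Return the restrict entries as (address, mask, flags) tuples."""
    entries = []
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()   # drop trailing comments
        if len(words) < 2 or words[0] != "restrict":
            continue
        words = words[1:]
        if words[0] == "default":
            addr, mask, words = 0, 0, words[1:]
        else:
            addr = int(ipaddress.IPv4Address(words[0]))
            mask, words = 0xFFFFFFFF, words[1:]  # no mask given: host entry
            if words[:1] == ["mask"]:
                mask, words = int(ipaddress.IPv4Address(words[1])), words[2:]
        entries.append((addr & mask, mask, frozenset(words)))
    return entries

def flags_for(entries, source):
    """Flags applied to a packet from `source` (empty set = unrestricted)."""
    src = int(ipaddress.IPv4Address(source))
    result = None
    # Documented order: increasing address, then increasing mask;
    # the last entry that matches wins.
    for addr, mask, flags in sorted(entries, key=lambda e: (e[0], e[1])):
        if src & mask == addr:
            result = flags
    return result

def audit(entries, sources):
    """Map each source address to its sorted flag list."""
    return {s: sorted(flags_for(entries, s)) for s in sources}

if __name__ == "__main__":
    # Constructed sources: upstream server, allowed client, unknown host.
    for src, flags in audit(parse_restrict(NTP_CONF),
                            ["217.11.227.68", "10.1.5.9", "198.51.100.7"]).items():
        print(src, flags or "(no restrictions)")
```

Running it against a candidate ntp.conf before a restart shows which sources
still fall through to the default entry.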


