ntpd configuration
Jozef Babjak
babjak at hilbert.chtf.stuba.sk
Wed Dec 8 09:37:43 CET 2004
Greetings,
I have been successfully running an NTP server for quite a while, and since I
conscientiously comment my config files, here you go, here they are [almost ;-)] unchanged.
/etc/ntpd.conf
server 217.11.227.68 iburst #ntp.karpo.cz
server 81.0.239.181 iburst #ntp.cgi.cz
server 81.95.96.3 iburst #ntp.globe.cz
driftfile /var/db/ntp.drift
# All servers are denied by default; a kiss-of-death packet is sent to them.
restrict default ignore kod
# The servers listed in the server directive have full rights
restrict 217.11.227.68
restrict 81.0.239.181
restrict 81.95.96.3
# The following networks may set their time from this server:
restrict xxx.xxx.0.0 mask 255.255.0.0 notrust nomodify notrap
restrict yyy.yyy.0.0 mask 255.255.0.0 notrust nomodify notrap
In combination with the ipf firewall (everything is blocked by default)
(/etc/ipf.rules):
[...]
# This computer is an NTP client:
pass out on ed1 proto udp from any to any port = ntp keep state keep frags
# This computer is an NTP server:
pass in on ed1 proto udp from xxx.xxx.0.0/16 to IP.AD.RE.SA/32 port = ntp keep state keep frags
pass in on ed1 proto udp from yyy.yyy.0.0/16 to IP.AD.RE.SA/32 port = ntp keep state keep frags
[...]
where IP.AD.RE.SA is the local address of the NTP server.
As Mr. Lukes already wrote, using stratum 1 NTP servers is really a bad
idea; they are usually "far away" and there are lagging networks between us
and them. A stratum 2 or even stratum 3 server that sits on a reliable network
only a few hops away is a good choice. All the servers listed above are
stratum 2, and one of them even runs on FreeBSD :-))).
J.
On Tue, Dec 07, 2004 at 11:38:10PM +0100, Petr Spodniak wrote:
> Greetings.
>
> I cannot get the NTP server running. All servers are rejected (see the
> ntpq output).
>
> # cat /etc/ntp.conf
> driftfile /var/db/ntp.drift
> server 195.113.144.201 minpoll 8 maxpoll 16 prefer
> server ntp1.ptb.de minpoll 8 maxpoll 16
> server ntp.certum.pl minpoll 8 maxpoll 16
> server ntp.karpo.cz minpoll 8 maxpoll 16
> logconfig =all
>
> # ntpq -p
> remote refid st t when poll reach delay offset jitter
> ==============================================================================
> 195.113.144.201 .GPS. 1 u 9 256 1 2.409 34.094 0.001
> 192.53.103.103 .PTB. 1 u 19 256 1 30.416 34.305 0.001
> 217.153.69.35 .PPS. 1 u 12 256 1 60.459 38.607 0.001
> 217.11.227.68 130.149.17.8 2 u 12 256 1 2.390 34.032 0.001
>
> # ntpq -c as
> ind assID status conf reach auth condition last_event cnt
> ==========================================================
> 1 43492 9014 yes yes none reject reachable 1
> 2 43493 9014 yes yes none reject reachable 1
> 3 43494 9014 yes yes none reject reachable 1
> 4 43495 9014 yes yes none reject reachable 1
>
> # ntpq -p -c rl
> status=c011 sync_alarm, sync_unspec, 1 event, event_restart,
> version="ntpd 4.1.0-a Wed Oct 9 12:19:42 GMT 2002 (1)",
> processor="i386", system="FreeBSD4.7-RELEASE", leap=11, stratum=16,
> precision=-20, rootdelay=0.000, rootdispersion=0.315, peer=0,
> refid=0.0.0.0, reftime=00000000.00000000 Thu, Feb 7 2036 7:28:16.000,
> poll=4, clock=c560ad36.ad23b363 Tue, Dec 7 2004 23:29:10.676, state=0,
> offset=0.000, frequency=0.000, jitter=0.001, stability=0.000
>
>
>
> Does anyone have an idea what might be wrong?
>
> Thanks in advance for your help.
>
>
> --
> Petr Spodniak <pspodniak at broadnet.cz>
> --
> FreeBSD mailing list (users-l at freebsd.cz)
> http://www.freebsd.cz/listserv/listinfo/users-l
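The default-deny restrict policy in the reply above (restrict default ignore, one unrestricted entry per upstream server, nomodify notrap on the client networks) can be checked mechanically. The following is an added example, not part of the original message: a small Python audit of an ntp.conf, where the function name audit, the sample configuration and all of its addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample in the shape of the ntp.conf above; every address and
# name is a documentation placeholder, not a value from the post.
SAMPLE_CONF = """\
server 192.0.2.10 iburst
server 192.0.2.20 iburst
server ntp.example.net iburst
restrict default ignore kod
restrict 192.0.2.10
restrict 10.1.0.0 mask 255.255.0.0 notrust nomodify
"""

def audit(conf_text):
    """Return findings for an ntp.conf that relies on a default-deny restrict policy."""
    servers, restricts, default_flags = [], [], None
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] not in ("server", "restrict"):
            continue
        if tok[0] == "server":
            servers.append(tok[1])
        elif tok[1] == "default":
            default_flags = set(tok[2:])
        else:
            mask, flags = "255.255.255.255", tok[2:]
            if flags[:1] == ["mask"] and len(flags) > 1:
                mask, flags = flags[1], flags[2:]
            try:
                net = ipaddress.ip_network(f"{tok[1]}/{mask}", strict=False)
            except ValueError:
                continue  # hostname or option form; out of scope for this check
            restricts.append((net, set(flags)))
    findings = []
    if default_flags is None or "ignore" not in default_flags:
        findings.append("default: policy is not 'ignore'")
    for name in servers:
        try:
            addr = ipaddress.ip_address(name)
        except ValueError:
            findings.append(f"server {name}: hostname, resolve it and check by address")
            continue
        # ntpd applies the most specific matching restrict entry
        match = max((r for r in restricts if addr in r[0]),
                    key=lambda r: r[0].prefixlen, default=None)
        if match is None or match[1] & {"ignore", "notrust"}:
            findings.append(f"server {name}: not permitted as a time source")
    for net, flags in restricts:
        missing = {"nomodify", "notrap"} - flags
        if net.prefixlen < net.max_prefixlen and missing:
            findings.append(f"network {net}: missing {' '.join(sorted(missing))}")
    return findings
```

On the constructed sample it reports the upstream server without a restrict entry, the hostname server it cannot match offline, and the client network that lacks notrap.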