On 11/11/2010 11:20 AM, tony.chamberlain at lemko.com wrote:
> Hello
>
> I am trying to sync via NTP locally (since I have no Internet access).
> None of the NTP stuff I read on the net seems to work right. I mean it
> works fine setting up a client going to something like 0.pool.ntp.org but
> when I want to make my Linux box a server, and I do an ntpdate to it from
> another machine, it says no suitable server found. I have tried every
> possible combination of restrict, broadcast, multicast. Followed directions
> in the examples but nothing works. Also "iptables-save" shows no iptables
> stuff set at all, so there is no firewall blocking it.
>
> Maybe I could ask my question and someone could tell me how to configure?
>
> There are 4 machines:
>
> 1. 10.5.1.50
> 2. 10.5.0.20 / 192.168.1.100
> 3. 10.6.1.50
> 4. 10.6.0.20 / 192.168.1.101
>
> The 10.5s cannot reach the 10.6s (except roundaboutly through the 192
> network). The two 192 machines are connected directly to each other.
> You can get back and forth between them.
>
> I want to set it up so that (and it doesn't matter which way) one of
> the 191.168.1.X machines NTP syncs to the other, and then
> the 10.5.1.50 syncs to 10.5.0.20 and the 10.6.1.20 syncs to 10.6.0.20.
> How do I set the ntp.conf files? Remember there is no external internet
> on any of the machines, and the 10.5 machines cannot reach the 10.6
> machines and v.v. (except the 10.X.0.20 machines can reach each other
> through the 192 network). Also I am not allowed to use the 192 machines
> as routers for the 10.X.1.50 machines.

I have 3 systems here that are my internal NTP servers. They are set up
to go out and get time, and my clients all look to them for time.

The files you need to work with are:

For /etc/ntp.conf you need to control how your local clients interact
with the server, like:

    restrict 192.168.128.0 mask 255.255.255.0 nomodify notrap

And protect your server from outside influence with:

    server 0.rhel.pool.ntp.org burst iburst
    restrict 0.rhel.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery

In /etc/ntp/ntpservers you list your outside sources (or inside for the
clients), e.g.:

    clock.redhat.com
    clock2.redhat.com

/etc/sysconfig/ntpd controls updating your hardware clock:

    # Set to 'yes' to sync hw clock after successful ntpdate
    SYNC_HWCLOCK=yes

Anyway for your clients to get time, you have to allow udp/tcp port 123
in your firewall and set up /etc/ntp.conf.

(this message is a little scattered, as I am supposed to be listening to
this presentation on comment resolution on the 802.15.4g ballot. boring).
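
Added example, not part of either message in this thread: a small Python check that decodes the header of an NTP server reply to tell a blocked port apart from a server that answers but reports itself unsynchronized, which a client will not sync to. The two sample packets are constructed, the field meanings follow RFC 5905, and the names parse_reply, usable and query are this example's own.

```python
import socket
import struct

# Constructed 48-byte server replies, not captured from the hosts in this thread.
# Byte 0 packs leap indicator (2 bits), version (3 bits), mode (3 bits);
# byte 1 is stratum; bytes 12-15 are the reference ID.
UNSYNCED_REPLY = bytes([0xE4, 16, 4, 0xEC]) + bytes(44)   # LI=3, stratum 16
SYNCED_REPLY = (bytes([0x24, 3, 4, 0xEC]) + bytes(8)
                + socket.inet_aton("192.168.1.100") + bytes(32))  # LI=0, stratum 3


def parse_reply(packet):
    """Decode the header fields that say whether the server has a time source."""
    if len(packet) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(packet))
    flags, stratum = struct.unpack("!BB", packet[:2])
    return {
        "leap": flags >> 6,
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,
        "stratum": stratum,
        "refid": packet[12:16],
    }


def usable(fields):
    """Return (ok, reason) for a decoded reply, using RFC 5905 field meanings."""
    if fields["mode"] != 4:
        return False, "not a server-mode reply"
    if fields["leap"] == 3:
        return False, "leap indicator 3: server clock is not synchronized"
    if fields["stratum"] == 0 or fields["stratum"] >= 16:
        return False, "stratum %d: no valid time source" % fields["stratum"]
    return True, "stratum %d" % fields["stratum"]


def query(host, timeout=2.0):
    """Send one client request (version 3, mode 3) over UDP 123 and classify it.

    A socket timeout here means nothing came back at all (filtering, or ntpd
    not listening); an answer classified as unusable points at the server's
    own configuration instead.
    """
    request = bytes([0x1B]) + bytes(47)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (host, 123))
        packet, _ = sock.recvfrom(512)
    return usable(parse_reply(packet))
```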