Linux Users' Group of Davis (LUGOD)
 
Page last updated:
2002 Apr 24 23:05

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] I'm also having ntp problems :-(

On Wed, Apr 24, 2002 at 10:26:13PM -0700, Ryan wrote:
> On Wednesday 24 April 2002 10:04 pm, msimons@moria.simons-clan.com wrote:
> >   Something is preventing port 123 UDP packets from going between
> > bob and nat, you can see packets be transmitted and no reply.  It
> > could also be that your ntpd is configured to not accept connections
> > from bob.
> 
> This can now be blamed on firewall rules.

Something doesn't look right about this...

  Both ntpq and ntpdate create the same type of UDP-based socket;
running from the same machine, one of them gets replies and the other
does not (the packets are different sizes).  It is true that some 
length based firewall checks could be blocking the replies... but
it's important to figure out what is broken before changing things
and I still don't have enough information.  It could be either ntpd 
or the firewall, since it could as likely be server configuration 
(like only accepting certain client revisions).

  If it still doesn't work after you have fun looking through your
firewall rules, install strace on the firewall and run the trace 
requested below.  If you can't use "apt-get install strace" then
remember it is simply one big executable, scp it to the firewall 
from a similar machine and just run the binary from /tmp then
nuke it.

> [root@bob root]# strace -e connect,socket,sendto ntpq -ddn -c peers 
> 192.168.0.1 2>&1 | grep -Ev '(htons\(53\)|AF_UNIX|PF_UNIX)'
> 
> socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
> connect(3, {sin_family=AF_INET, sin_port=htons(123), 
> sin_addr=inet_addr("192.168.0.1")}}, 16) = 0
> Got packet, size = 20
> 
> [root@bob root]# strace -e connect,socket,sendto ntpdate -qd 192.168.0.1 2>&1 
> | grep -Ev '(htons\(53\)|AF_UNIX|PF_UNIX)'
> 
> 24 Apr 22:17:59 ntpdate[7455]: ntpdate 4.1.1@1.786 Wed Feb 27 16:42:53 CET 
> 2002 (1)
> socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
> --- SIGALRM (Alarm clock) ---
> transmit(192.168.0.1)
> sendto(3, "\343\0\4\372\0\1\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 48, 0, 
> {sin_family=AF_INET, sin_port=htons(123), 
> sin_addr=inet_addr("192.168.0.1")}}, 16) = 48
> --- SIGALRM (Alarm clock) ---
> --- SIGALRM (Alarm clock) ---
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
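
An added example, not part of the original post: a small Python decoder for the payload strace prints in a send call, showing which NTP mode and version a tool put on the wire (ntpq speaks mode 6 control messages, ntpdate sends mode 3 client packets). The function names are hypothetical, and the ntpq line is a constructed sample that assumes the request shows up as a `send()` call.

```python
import re
import struct

MODES = {1: "symmetric active", 2: "symmetric passive", 3: "client",
         4: "server", 5: "broadcast", 6: "control (ntpq)", 7: "private (ntpdc)"}
_ESC = re.compile(r"\\([0-7]{1,3}|x[0-9a-fA-F]{2}|.)", re.S)
_SIMPLE = {"n": 10, "t": 9, "r": 13, "f": 12, "v": 11}
_SEND = re.compile(r'(?:sendto|send|write)\(\d+, "((?:[^"\\]|\\.)*)"(?:\.\.\.)?, (\d+)')

def unescape_strace(text):
    """Convert the body of a strace C-style escaped string into raw bytes."""
    out, pos = bytearray(), 0
    for m in _ESC.finditer(text):
        out += text[pos:m.start()].encode("latin-1")
        tok = m.group(1)
        if tok[0] in "01234567":          # octal escape, 1 to 3 digits
            out.append(int(tok, 8) & 0xFF)
        elif len(tok) == 3:               # \xNN form (strace -x)
            out.append(int(tok[1:], 16))
        else:                             # \n, \t, \\, \" and similar
            out.append(_SIMPLE.get(tok, ord(tok)))
        pos = m.end()
    return bytes(out + text[pos:].encode("latin-1"))

def decode_ntp(payload):
    """Decode the leading NTP header bytes of a UDP/123 payload."""
    if not payload:
        raise ValueError("empty payload")
    flags = payload[0]
    info = {"leap": flags >> 6, "version": (flags >> 3) & 7, "mode": flags & 7}
    info["mode_name"] = MODES.get(info["mode"], "reserved")
    # Stratum/poll/precision exist only in time packets (modes 1-5);
    # mode 6/7 packets carry an opcode and sequence number there instead.
    if 1 <= info["mode"] <= 5 and len(payload) >= 4:
        info["stratum"], info["poll"], info["precision"] = struct.unpack("!Bbb", payload[1:4])
    return info

def decode_send(line):
    """Return (declared_length, header) for a send call in a strace line, else None."""
    m = _SEND.search(line)
    if not m:
        return None
    return int(m.group(2)), decode_ntp(unescape_strace(m.group(1)))

# The ntpdate sendto() from the trace quoted in the post, wrapped lines rejoined.
NTPDATE_LINE = r'sendto(3, "\343\0\4\372\0\1\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 48, 0, {sin_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("192.168.0.1")}}, 16) = 48'
# Constructed sample (not from the post): a 12-byte mode 6 request.
NTPQ_LINE = r'send(3, "\26\1\0\1\0\0\0\0\0\0\0\0", 12, 0) = 12'

if __name__ == "__main__":
    for name, line in (("ntpdate", NTPDATE_LINE), ("ntpq", NTPQ_LINE)):
        print(name, decode_send(line))
```

Comparing the decoded mode and length of the two requests gives concrete values to look for in firewall rules and ntpd access settings.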


