WTF *Nix

Since by now you may or may not have the NTP package installed and ready to go, I highly recommend to install it via RPM if you can find one for your *nix flavor. Check with your vendor or better yet Google.com, rpmbone and etc… =)

It is TIME for the /etc/ntp.conf file and getting NTP started:

As we know, 99.9% of the time the conf file is better known as the configuration file of a certain program within *nix, and we can’t go wrong unless we set a setting or two wrong… Well here we will do a basic setup as such:

First you want to find your way over to Finding some local time servers, and by doing this the fastest way is here: http://support.ntp.org/bin/view/Servers/WebHome#Finding_A_Time_Server

• Now you need to first open up your ntp.conf file in your favorite editor such as vim, nano, or whatever one you use. Then specify your first set of NTP servers as an example:

1. • server    somentp.serverat.org     #A stratum 1 server at serverat.org
   • server    ntp.research.gov              #A stratum 2 server at research.gov

• Then you will need to restrict a bit of access and allow these servers. In the example, the servers are not allowed to modify the run-time configuration or query back your Linux NTP Server that’s running, it would be a nightmare trust me on a DSL connection

1. • restrict    somentp.serverat.org    mask 255.255.255.255    nomodify notrap noquery
   • restrict    ntp.research.gov    mask 255.255.255.255    nomodify notrap noquery

The mask 255.255.255.255 statement is really a subnet mask limiting access to the single IP address of the remote NTP servers.

• If this server of yours is also going to provide time for other computers on your local network or other networks, such as PC’s, Linux servers, and certain types of networking devices, then you will HAVE TO create and define the network(s) from which this NTP server of yours will accept NTP sync requests. You can do this by simply using a modified request type of statement which with the noquery replaced with the notrust keyword that’s accepted by ntp. This will allow the certain network you are allowing to query the LOCAL NTP server, but it will not be trusted to be a “SOURCE” type of NTP synchronization data, so the proper way of doing this is as follows: (i.e. our local network is 192.168.0.0, which our DHCP server is assigning IPs as such: 192.168.0.100, 192.168.0.101 and etc…)
  • restrict    192.168.0.0    mask    255.255.255.0    notrust nomodify notrap
• Make sure that your CORE NTP server that’s acting as the central “BIG BEN” A.K.A. localhost (which is the universal IP Address used to refer to a *nix server itself) has full access without having any restricting keywords as follows:
  • restrict    127.0.0.1
• Save your ntp.conf file and it’s time to restart the NTP server daemon for the settings to take immediate effect.

Right now you are wondering since all the other *nix servers on this local network can sync up to this server now? Well yes, because all you need to do is create the same scenerio as you did above but in a shorter fashion by simply replacing the “server   somentp.serverat.org” and restrict statements to reflect your local “BIG BEN” NTP server in lieu of having to always keep calling out on the net for time if you have one server that allows connections to sync up with. Remember port 123 is used for NTP and this can only happen if your firewall allows NTP through this port using the UDP Here is your answer to allowing this through if you are using IPTABLES:

iptables -I INPUT -p udp –dport 123 -j ACCEPT

Enjoy and get’r done, we will touch basis some”TIME” soon in regards to how to troubleshoot NTP, but if you have problems in the meantime, feel free on posting a comment here in this blog thread.

WTF Get’r Done and it’s TIME for lunch 12:10:25