So, in order to quickly have a (Debian) machine up and running on NTP, you’re bound to do something like this: ‘apt-get install ntp ntpdate’.
The problem is that this installs ‘ntpd’ too. The default configuration allows your server to answer NTP queries from anywhere.
If you want to crack down on that, you’ll be somewhat frustrated with the pre-4.6 config options, as they’re somewhat unlike what we usually see; without further ado, here’s a simple ‘link dump’ for a configuration guide.
On ntp 4.x? Guess what? Doesn’t work =[ – must be done with iptables.
Here’s the cheatsheet /etc/ntp.conf :
server my.server.address
restrict default ignore
restrict -6 default ignore
restrict 127.0.0.1
restrict my.server.address
This will allow you to poll things, e.g.: ntpq -p; and keep everyone else from sending packets to your box either on purpose or by accident. Note: You -have- to have your ‘servers’ in restrict lines or else it’ll hang on the first poll. (Indicated by ntpq -p )
When ntp isn’t working right, this is what ntpq -p looks like:
box:/etc# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 123.123.123.123 .INIT.          16 -    -   64    0    0.000    0.000   0.000
Note the 0.000’s in the delay/offset/jitter – it’s also stuck on the sync request at INIT.
A properly functioning ntpq -p should look something like this:
box:/etc# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 123.123.123.123 123.12.1.12      3 u    3   64    1    1.349  2446.01   0.000
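The two checks described above, as an added example (not code from the original post): audit an ntp.conf against the cheatsheet (both default-ignore lines present, every ‘server’ has its own restrict line) and spot peers stuck at .INIT. in ntpq -p output. The function names and sample data are made up for illustration; it assumes servers and restrict lines use the same literal address, with no netmask matching.

```python
# Added example: audit ntp.conf against the cheatsheet and spot stuck peers.
SAMPLE_CONF = """\
server my.server.address
server other.server.address iburst
restrict default ignore
restrict -6 default ignore
restrict 127.0.0.1
restrict my.server.address
"""  # constructed: other.server.address has no restrict line

SAMPLE_NTPQ = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 123.123.123.123 .INIT.          16 -    -   64    0    0.000    0.000   0.000
*123.123.123.124 123.12.1.12      3 u    3   64    1    1.349  2446.01   0.000
"""  # constructed, modelled on the two ntpq outputs on this page

# Assumption: both default lines are expected, exactly as in the cheatsheet.
WANTED = {"-4": "restrict default ignore", "-6": "restrict -6 default ignore"}

def audit_conf(text):
    """Return problems: missing default-ignore lines, servers lacking a restrict."""
    servers, allowed, defaults = [], set(), set()
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(tok) < 2:
            continue
        family = "-6" if "-6" in tok else "-4"
        args = [t for t in tok[1:] if t not in ("-4", "-6")]
        if tok[0] == "server" and args:
            servers.append(args[0])
        elif tok[0] == "restrict" and args:
            if args[0] == "default":
                if "ignore" in args[1:]:
                    defaults.add(family)
            else:
                allowed.add(args[0])  # exact string match only, no netmask logic
    problems = [f"missing '{WANTED[f]}'" for f in ("-4", "-6") if f not in defaults]
    problems += [f"server {s} has no restrict line" for s in servers if s not in allowed]
    return problems

def stuck_peers(ntpq_output):
    """Return remotes still at refid .INIT. with reach 0 (the broken case)."""
    stuck = []
    for line in ntpq_output.splitlines()[2:]:  # skip header and ==== rule
        f = line[1:].split()  # column 0 is ntpq's tally character
        if len(f) == 10 and f[1] == ".INIT." and f[6] == "0":
            stuck.append(f[0])
    return stuck

if __name__ == "__main__":
    print(audit_conf(SAMPLE_CONF))
    print(stuck_peers(SAMPLE_NTPQ))
```

A peer shows .INIT. with reach 0 for the first poll or so after ntpd starts, so run the second check once the daemon has had a few poll intervals.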