There have been several similar questions to this, but none with resolutions.

  • I can run ntpdate on the machine, and the date is updated. I assume that this means there is no firewall problem.
  • I have checked the ISP and the firewall and UDP port 123 is open.

The result of ntpq -pn is:

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 1.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 2.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 3.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 129.250.35.250  .INIT.          16 u    - 1024    0    0.000   +0.000   0.000
 103.76.40.123   .INIT.          16 u    - 1024    0    0.000   +0.000   0.000
 162.159.200.123 .INIT.          16 u    - 1024    0    0.000   +0.000   0.000
 203.135.184.123 .INIT.          16 u    - 1024    0    0.000   +0.000   0.000

And has been the same for a considerable time.

The non-commented config file is:

driftfile /var/lib/ntp/ntp.drift
leapfile /usr/share/zoneinfo/leap-seconds.list
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 0.au.pool.ntp.org
server 1.au.pool.ntp.org
server 2.au.pool.ntp.org
server 3.au.pool.ntp.org
pool 0.debian.pool.ntp.org iburst
pool 1.debian.pool.ntp.org iburst
pool 2.debian.pool.ntp.org iburst
pool 3.debian.pool.ntp.org iburst
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited
restrict 127.0.0.1
restrict ::1
restrict source notrap nomodify noquery
interface listen *

Any insights as to how to debug the problem would be greatly appreciated!

RabidMutant

1 Answer

It could be that your implementation of ntpdate and ntpd use slightly different network semantics: possibly ntpdate is using an ephemeral source port, whilst ntpd is using 123 as both the source and destination port; the latter may not be getting through your firewall or your ISP's filters. You could confirm this by taking a packet capture with tcpdump, tshark, or wireshark whilst testing the two different methods to see what the packets on the wire look like.

(You also shouldn't need interface listen *, but I tested your exact config on my system and it works fine with that.)

Paul Gear
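The packet-capture comparison suggested in the answer above, as an added example that is not part of the original answer: it reads the one-line text output of `tcpdump -n udp port 123` and reports, per client source port, whether any NTP reply came back. The capture lines and the addresses (192.0.2.10 as the client, 198.51.100.1 as a server) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n udp port 123` output (not from the original post).
# 192.0.2.10 is a hypothetical client, 198.51.100.1 a hypothetical NTP server.
SAMPLE_CAPTURE = """\
10:00:01.000000 IP 192.0.2.10.123 > 198.51.100.1.123: NTPv4, Client, length 48
10:00:03.000000 IP 192.0.2.10.123 > 198.51.100.1.123: NTPv4, Client, length 48
10:00:05.000000 IP 192.0.2.10.123 > 198.51.100.1.123: NTPv4, Client, length 48
10:01:00.000000 IP 192.0.2.10.48211 > 198.51.100.1.123: NTPv4, Client, length 48
10:01:00.031000 IP 198.51.100.1.123 > 192.0.2.10.48211: NTPv4, Server, length 48
"""

# tcpdump prints IPv4 endpoints as a.b.c.d.port, so the last dotted field is the port.
LINE_RE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): NTPv\d, (?P<mode>\w+)"
)

def summarize(capture, client_ip):
    """Count requests and replies per (client source port, server) flow."""
    flows = defaultdict(lambda: {"requests": 0, "replies": 0})
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not IPv4 NTP packets
        if m["src"] == client_ip and m["dport"] == "123":
            flows[(int(m["sport"]), m["dst"])]["requests"] += 1
        elif m["dst"] == client_ip and m["sport"] == "123":
            flows[(int(m["dport"]), m["src"])]["replies"] += 1
    return dict(flows)

def diagnose(flows):
    """Label each flow by source-port type and whether anything came back."""
    report = {}
    for (sport, server), c in sorted(flows.items()):
        kind = "source port 123" if sport == 123 else "ephemeral source port"
        status = "answered" if c["replies"] else "no reply (filtered?)"
        report[(sport, server)] = (
            f"{kind}: {c['requests']} sent, {c['replies']} received, {status}"
        )
    return report

if __name__ == "__main__":
    for flow, verdict in diagnose(summarize(SAMPLE_CAPTURE, "192.0.2.10")).items():
        print(flow, verdict)
```

Requests from source port 123 that never get a reply, alongside answered requests from an ephemeral port to the same server, point at a filter on the path rather than at the ntpd configuration.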