我有麻烦设置ntp客户端function,在debian系统上。
当inputntpq -p时,输出总是相同的(输出中全为零且没有统计),如下所示:
sudo ntpq -p4 remote refid st t when poll reach delay offset jitter ============================================================================== ntp2.mojsite.co .INIT. 16 - - 1024 0 0.000 0.000 0.000 panel1.web2.clu .INIT. 16 - - 1024 0 0.000 0.000 0.000 85.93.216.115 .INIT. 16 - - 1024 0 0.000 0.000 0.000 正如你所看到的那样,延迟,偏移和抖动都是零,而且这几天已经没有改变了。
我认为认为configuration可能被错误configuration,这里是我的ntp.conf文件:
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help #complete guide at: #http://doc.ntp.org/4.1.0/ntpd.htm ####################### # Monitoring Options # ####################### #Enable this if you want statistics to be logged. statsdir /var/log/ntpstats/ #what to log (keyword "statistics") #clockstats: for reference clock #peerstats: for peers (remote ntp servers) #loopstats: Record clock discipline loop statistics #raw stats: for raw output statistics loopstats peerstats clockstats rawstats #type: generate files per day(day), per NTP process (pid), single file (none) #per month (month) ... (year), or 24 hours of server operation (age) #enable/disable output and #link/nolink convenient to be able to access the current element of a file #generation set by a fixed name #recording of loop filter statistics information. filegen loopstats file loopstats.log type day nolink enable #recording of peer statistics information. filegen peerstats file peerstats.log type day nolink enable #recording of clock driver statistics information. filegen clockstats file clockstats.log type day nolink enable #recording of raw-timestamp statistics information. filegen rawstats file rawstats.log type day nolink disable ########################### # Reference Clock Options # ########################### #server 127.127.tu [prefer] [mode int] [minpoll int] [maxpoll int] #fudge 127.127.tu [time1 sec] [stratum int] [refid string] [mode int] [flag1 0|1] [flag2 0|1] [flag3 0|1] [flag4 0|1] ########## # SERVER # ########## #interface and ip setup, wildcard equals to 0.0.0.0 #This command controls which network addresses ntpd opens, #and whether input is dropped without processing. #ignore: don't listen on this address #drop: listen but drop #listen: listen and accept interface ignore ipv6 interface listen 127.0.0.1 interface ignore 192.168.1.100 interface ignore wildcard ########## # CLIENT # ########## #The various operating modes are determined by the command keyword #and the type of the required IP address. # You do need to talk to an NTP server or two (or three). #server ntp.your-provider.example # pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will # pick a different set every time it starts up. Please consider joining the # pool: <http://www.pool.ntp.org/join.html> #The iburst option is recommended, and sends a burst of packets only if #it cannot obtain a connection with the first attempt. #The burst option always does this, even on the first attempt, #and should never be used without explicit permission #and may result in blacklisting. #this command mobilizes a persistent client mode association with the specified #remote server or local radio clock. #In this mode the local clock can synchronized to the remote server, #but the remote server can never be synchronized to the local clock. #The various operating modes are determined by the command keyword: #server, peer, broadcast, manycastclient and the type of the required IP address. server 1.hr.pool.ntp.org server 0.europe.pool.ntp.org server 3.europe.pool.ntp.org ################## # Access Control # ################## # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions> # might also be helpful. # # Note that "restrict" applies to both servers and clients, so a configuration # that might be intended to block requests from certain clients could also end # up blocking replies from your own upstream servers. # By default, exchange time with everybody, but don't allow configuration. # restrict address mask / -4 -6 / default # default: (everybody) equal to 0.0.0.0 255.255.255.255 # kod: If access is denied, send a kiss-of-death packet. # let client know more about why is it blocked to fix the problem # notrap: subsystem intended for remote event logging programs. restrict -4 default kod notrap nomodify nopeer noquery noserve restrict -6 default kod notrap nomodify nopeer noquery noserve # Local users may interrogate the ntp server more closely. # If ignoring interface on ipv6 run "ntpq -p -4" instead of just "-p" restrict 192.168.1.100 kod notrap nomodify nopeer noquery restrict 127.0.0.1 restrict ::1 # Clients from this (example!) subnet have unlimited access, but only if # cryptographically authenticated. #restrict 172.16.1.1 mask 255.255.255.0 notrust ######################### # Miscellaneous Options # ######################### #Provides a way to enable or disable various server options. disable bclient #if not specified default is: disable disable calibrate #disable enable kernel #enable enable monitor #enable enable stats #enable enable ntp #enable #This command controls the amount and type of output written to the system #syslog facility or the alternate logfile. logconfig=syncall +clockall +sysall +peerall logfile /var/log/ntp.log #This command specifies the name of the file used to record #the frequency offset of the local clock oscillator. driftfile /var/lib/ntp/ntp.drift # If you want to provide time to your local subnet, change the next line. # (Again, the address is an example only.) # broadcast 172.16.1.255 # If you want to listen to time broadcasts on your local subnet, de-comment the # next lines. Please do this only if you trust everybody on the network! #disable auth #broadcastclient
NTP防火墙规则已经build立,阻塞的连接被logging,到目前为止没有任何东西被阻塞。 如果需要,我也会提供防火墙信息。
我想出了这个问题:
interface ignore 192.168.1.100
应该
interface listen 192.168.1.100
和
restrict -4 default kod notrap nomodify nopeer noquery noserve
应该
restrict -4 default kod notrap nomodify nopeer noquery
基本上我们需要侦听来自ntp服务器的传入数据包,即使这只是客户端设置。
您的NTP没有连接到服务器。 如果您有IPv6,请尝试在IPv6地址上使用服务器。 由于NTP已被用于DDOS攻击,我遇到了类似的问题。 看起来许多服务器限制连接到达端口123.请参阅: https : //askubuntu.com/questions/825869/ntpd-does-not-sync-clock-while-ntpdate-does/825969#825969