# setup server ntp problems

## pigreco

Hello,

I'm trying without success to set up an NTP server to synchronize multiple servers in my private LAN.

I always get stratum = 16 for the server that I made and I cannot understand what the problem is; the firewall should be OK and I have no errors in the logs.

Some info:

ntpd.conf:

```
server 212.45.144.16 iburst
server 212.121.88.250 iburst
server 127.127.1.0
fudge  127.127.1.0 stratum 10

# you should not need to modify the following paths
driftfile   /var/lib/ntp/ntp.drift

# logfile defaults to /var/log/messages
logfile /var/log/ntp.log

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Allow local lans to sync
restrict 192.168.1.0 mask 255.0.0.0 nomodify notrap
```

```
ntpq -c pe
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 saguaro.bilink. .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 212.121.88.250  .INIT.          16 u    - 1024    0    0.000    0.000   0.000
*LOCAL(0)        .LOCL.          10 l   50   64  377    0.000    0.000   0.000
```

The remote NTP servers are reached:

```
ntpdate -d 212.121.88.250
16 Sep 13:47:02 ntpdate[12248]: ntpdate 4.2.6p5@1.2349-o Wed Sep 11 14:31:08 UTC 2013 (1)
transmit(212.121.88.250)
receive(212.121.88.250)
transmit(212.121.88.250)
receive(212.121.88.250)
transmit(212.121.88.250)
receive(212.121.88.250)
transmit(212.121.88.250)
receive(212.121.88.250)
server 212.121.88.250, port 123
stratum 2, precision -20, leap 00, trust 000
refid [212.121.88.250], delay 0.03352, dispersion 0.00012
transmitted 4, in filter 4
reference time:    d5e1690d.98d18648  Mon, Sep 16 2013 13:25:01.596
originate timestamp: d5e16e3e.984a086c  Mon, Sep 16 2013 13:47:10.594
transmit timestamp:  d5e16e3d.11b29f28  Mon, Sep 16 2013 13:47:09.069
filter delay:  0.03352  0.03462  0.03395  0.03380
         0.00000  0.00000  0.00000  0.00000
filter offset: 1.521704 1.522278 1.521833 1.521629
         0.000000 0.000000 0.000000 0.000000
delay 0.03352, dispersion 0.00012
offset 1.521704

16 Sep 13:47:09 ntpdate[12248]: step time server 212.121.88.250 offset 1.521704 sec
```

ntpq -crv:

```
associd=0 status=0515 leap_none, sync_local, 1 event, clock_sync,
version="ntpd 4.2.6p5@1.2349-o Wed Sep 11 14:31:06 UTC 2013 (1)",
processor="x86_64", system="Linux/3.7.5-hardened-r1", leap=00,
stratum=11, precision=-23, rootdelay=0.000, rootdisp=11.151,
refid=LOCAL(0), reftime=d5e16e9e.1e8b5fbe  Mon, Sep 16 2013 13:48:46.119,
clock=d5e16ead.8b335f1d  Mon, Sep 16 2013 13:49:01.543, peer=23637, tc=6,
mintc=3, offset=0.000, frequency=0.000, sys_jitter=0.000,
clk_jitter=0.000, clk_wander=0.000
```

stratum=11 comes from the localhost setting:

```
server 127.127.1.0
fudge  127.127.1.0 stratum 10
```

otherwise it would be = 16.

Any suggestion is very welcome, thank you,

Maurizio

----------

## 666threesixes666

```
su -c '/etc/init.d/ntpd status'
```

reports?

If stopped, try

```
su -c '/etc/init.d/ntpd start'
```

see https://wiki.gentoo.org/wiki/NTP

----------

## pigreco

Hi,

thanks for the reply

```
su -c '/etc/init.d/ntpd status'
 * status: started
```

I have seen the wiki and some other tutorials on the Internet but I can't find what the problem is.

regards,

Maurizio

----------

## 666threesixes666

"# Allow local lans to sync

restrict 192.168.1.0 mask 255.0.0.0 nomodify notrap "

What IP addresses do the clients have? If they are 192.168.1.X they should be able to sync. I'd change that line around to 0.0.0.0 so everyone can sync, but not modify.

----------

## pigreco

Hi, 666threesixes666,

yes, the clients' IP addresses are 192.168.1.X

but my problem is that my LAN NTP master does not synchronize itself with the network NTP servers; its stratum is always too high.

----------

## Aiken

When ntp queries remote servers it uses a source port of 123, i.e. local_machine:123 to remote_machine:123. The ntpq -crv will use an unprivileged port as the source port; mine just did local_machine:37670 to remote_machine:123.

If incoming packets to port 123 are blocked then the ntpq -crv you did will work fine but ntp itself won't receive any replies to the time requests it sends. Try finding out if and where incoming packets to port 123 are being blocked. The ntpq -crv working shows outgoing packets to port 123 work. The stratum of 16 and reach of 0 that ntp is showing indicate it is not receiving any replies, leaving me wondering if incoming packets to port 123 are blocked.

Easy enough to watch the traffic with tcpdump. Assuming eth0, then:

```
tcpdump -i eth0 port 123
```

When ntp is receiving packets you should start seeing the stratum of the remote servers and a reach of 1 within seconds after ntpd is started. Once you have that sorted I suggest you add at least 1 more server. 2 servers can work but it won't be reliable. While the 2 servers are close enough ntp will select one of them, but with too much of a difference ntp won't choose either. This is fixed by having at least 3 servers.

The 2 servers you are using look to be from the pool.ntp.org project and in Europe, so if you are going to use the pool you could remove the 2 server lines and just use

```
pool europe.pool.ntp.org
```

That gives me 4 servers. Hard coding the IP in ntp.conf can mean you end up trying to use nonexistent ntp servers if they are closed down.

----------
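The check described in the post above (requests leave from port 123, but do replies come back to port 123?), as an added example that is not part of the original thread: a small Python parser for `tcpdump -i eth0 port 123` output that counts, per server, the port-123-to-port-123 requests that never got a reply. The capture lines and the 192.0.2.x / 198.51.100.x / 203.0.113.x addresses are constructed sample data, and `unanswered_requests` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Matches tcpdump's one-line NTP summary; port 123 prints as "ntp" (or "123" with -n).
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\w+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\w+): NTPv\d, (?P<mode>\w+),"
)
NTP_PORTS = {"ntp", "123"}

# Constructed sample capture (not from the thread); 192.0.2.10 is the local ntpd host.
SAMPLE = """\
10:13:57.849416 IP 192.0.2.10.ntp > 203.0.113.5.ntp: NTPv4, Client, length 48
10:13:58.849438 IP 192.0.2.10.ntp > 198.51.100.1.ntp: NTPv4, Client, length 48
10:13:58.871002 IP 198.51.100.1.ntp > 192.0.2.10.ntp: NTPv4, Server, length 48
10:14:02.016090 IP 198.51.100.77.64418 > 192.0.2.10.ntp: NTPv4, Client, length 48
10:14:02.016200 IP 192.0.2.10.ntp > 198.51.100.77.64418: NTPv4, Server, length 48
10:15:01.849411 IP 192.0.2.10.ntp > 203.0.113.5.ntp: NTPv4, Client, length 48
"""


def unanswered_requests(capture, local_ip):
    """Return {server_ip: count} of requests local_ip sent from port 123
    that have no matching Server-mode reply arriving back on port 123."""
    sent, answered = defaultdict(int), defaultdict(int)
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        if m["sport"] not in NTP_PORTS or m["dport"] not in NTP_PORTS:
            # Queries from an unprivileged source port take a different path
            # through a firewall, so they say nothing about the 123 <-> 123 case.
            continue
        if m["src"] == local_ip and m["mode"] == "Client":
            sent[m["dst"]] += 1
        elif m["dst"] == local_ip and m["mode"] == "Server":
            answered[m["src"]] += 1
    return {ip: n - answered[ip] for ip, n in sent.items() if n > answered[ip]}


if __name__ == "__main__":
    for server, missing in unanswered_requests(SAMPLE, "192.0.2.10").items():
        print(f"{server}: {missing} request(s) from port 123 got no reply")
```

A server that appears in the result while queries from an unprivileged port succeed points at filtering of inbound UDP to port 123 somewhere on the path.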

## pigreco

Hi, thanks for the help

now after days of attempts I'm confused...

I have checked the firewall configuration again and it seems to be correct, but I can't see incoming communications from time servers over the Internet

```
10:13:57.849416 IP 77.72.24.67.ntp > 213.209.109.45.ntp: NTPv4, Client, length 48
10:13:58.849438 IP 77.72.24.67.ntp > 217.79.179.16.ntp: NTPv4, Client, length 48
10:14:03.849411 IP 77.72.24.67.ntp > 195.200.224.66.ntp: NTPv4, Client, length 48
10:14:08.849439 IP 77.72.24.67.ntp > 144.76.96.7.ntp: NTPv4, Client, length 48
10:18:14.849439 IP 77.72.24.67.ntp > 217.79.179.16.ntp: NTPv4, Client, length 48
10:18:17.849411 IP 77.72.24.67.ntp > 213.209.109.45.ntp: NTPv4, Client, length 48
10:18:20.849437 IP 77.72.24.67.ntp > 195.200.224.66.ntp: NTPv4, Client, length 48
10:18:26.849438 IP 77.72.24.67.ntp > 144.76.96.7.ntp: NTPv4, Client, length 48
```

If I call my server (77.72.24.67) from my workstation (62.94.216.51):

```
10:06:32.016090 IP 62.94.216.51.64418 > 77.72.24.67.ntp: NTPv4, Client, length 48
10:06:32.016200 IP 77.72.24.67.ntp > 62.94.216.51.64418: NTPv4, Server, length 48
```

It seems OK.

Any ideas?

----------

## Aiken

To help confuse it a bit more I just used ntpdate -q <your ip> to query it from Australia. It showed as stratum 11 and approx 2.7 seconds from correct time.

----------

