
Getting ntpd run under an unprivileged port

Yves Glodt
Posted: Tue Mar 09, 2004 3:45 am
Guest
Hi,

(this is on RH9)

to get the time synced I tried to use ntpdate, but it does not work
unless I use the -d option. So far, so good.

But I want to use the ntpd daemon... and so far I have found no way
telling it to use an unprivileged port... it has no -d or -u option...

How can I do that? (Our firewall has 123/udp open)

best regards,
Yves
 
Ali-Reza Anghaie
Posted: Tue Mar 09, 2004 7:48 am
Guest
Yves Glodt <yves.glodt@nospamelectrosecurity.lu> wrote:
Quote:
to get the time synced I tried to use ntpdate, but it does not work
unless I use the -d option. So far, so good.

It doesn't work unless you use -d? Odd. Any errors? Hangs? Have you
run strace against it?

Quote:
But I want to use the ntpd daemon... and so far I have found no way
telling it to use an unprivileged port... it has no -d or -u option...

I would do a Google on "chroot ntpd" to see if you find any good
pointers to putting ntpd in a chroot jail.

Cheers, -Ali

--
OpenPGP Key: 030E44E6
--
Was I helpful?: http://svcs.affero.net/rm.php?r=packetknife
--
In God we trust, all others we monitor.
-- NSA, Intercept Operators's motto, circa 1970
 
Robert M. Riches Jr.
Posted: Tue Mar 09, 2004 1:50 pm
Guest
In article <404d8496$1_2@news.vo.lu>, Yves Glodt wrote:
Quote:

(this is on RH9)

to get the time synced I tried to use ntpdate, but it does not work
unless I use the -d option. So far, so good.

But I want to use the ntpd daemon... and so far I have found no way
telling it to use an unprivileged port... it has no -d or -u option...

How can I do that? (Our firewall has 123/udp open)

I had good luck with just using chkconfig to enable ntpd at
runlevels 2-5 and creating/modifying the following four files:

/etc/logrotate.d/ntp (probably not needed)
/etc/ntp.conf
/etc/ntp/step-tickers
/etc/ntp/keys

There may be a GUI for configuring those files, even. The
only real changes to the files are to select a "key" and the
names of the servers to use. Then, you can do "service ntpd
start" and related commands to control it.

Good luck.

Robert Riches
spamtrap42@verizon.net
(Yes, that is one of my email addresses.)
 
Yves Glodt
Posted: Wed Mar 10, 2004 10:26 am
Guest
Ali-Reza Anghaie wrote:
Quote:
Yves Glodt <yves.glodt@nospamelectrosecurity.lu> wrote:

to get the time synced I tried to use ntpdate, but it does not work
unless I use the -d option. So far, so good.


It doesn't work unless you use -d? Odd. Any errors? Hangs? Have you
run strace against it?

root@pc79:~# ntpdate -v ntp2.ptb.de
10 Mar 16:20:09 ntpdate[18238]: ntpdate 4.1.1c-rc1@1.836 Thu Feb 13 12:17:20 EST 2003 (1)
10 Mar 16:20:13 ntpdate[18238]: no server suitable for synchronization found

whereas using the -d option changes things:
root@pc79:~# ntpdate -d ntp2.ptb.de
10 Mar 16:20:20 ntpdate[18240]: ntpdate 4.1.1c-rc1@1.836 Thu Feb 13 12:17:20 EST 2003 (1)
transmit(192.53.103.104)
receive(192.53.103.104)
transmit(192.53.103.104)
receive(192.53.103.104)
transmit(192.53.103.104)
receive(192.53.103.104)
transmit(192.53.103.104)
receive(192.53.103.104)
transmit(192.53.103.104)
server 192.53.103.104, port 123
stratum 1, precision -17, leap 00, trust 000
refid [PTB], delay 0.07600, dispersion 0.00058
transmitted 4, in filter 4
reference time: c3f9b0aa.94be1000 Wed, Mar 10 2004 16:20:10.581
originate timestamp: c3f9b0b9.8619d000 Wed, Mar 10 2004 16:20:25.523
transmit timestamp: c3f9b0b5.3d1d9b1b Wed, Mar 10 2004 16:20:21.238
filter delay: 0.07819 0.07600 0.07605 0.07719
0.00000 0.00000 0.00000 0.00000
filter offset: 4.259439 4.258107 4.258458 4.259164
0.000000 0.000000 0.000000 0.000000
delay 0.07600, dispersion 0.00058
offset 4.258107

10 Mar 16:20:21 ntpdate[18240]: step time server 192.53.103.104 offset 4.258107 sec
root@pc79:~#


Quote:
But I want to use the ntpd daemon... and so far I have found no way
telling it to use an unprivileged port... it has no -d or -u option...


I would do a Google on "chroot ntpd" to see if you find any good
pointers to putting ntpd in a chroot jail.

jail is not the problem, ntpd has the -U option for that.
unfortunately ntpd has no -d option, which seems to make it work for
ntpdate...

From the ntpdate manpage:
-u
Direct ntpdate to use an unprivileged port for outgoing packets. This is
most useful when behind a firewall that blocks incoming
traffic to privileged ports, and you want to synchronise with
hosts beyond the firewall.
Note that the -d option always uses unprivileged ports.

How can I get ntpd to use the unprivileged port...?
I don't feel like putting ntpdate in a cronjob. It's ntpd's job.

regards,
Yves

Quote:
Cheers, -Ali

--
OpenPGP Key: 030E44E6
--
Was I helpful?: http://svcs.affero.net/rm.php?r=packetknife
--
In God we trust, all others we monitor.
-- NSA, Intercept Operators's motto, circa 1970
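
Added example (not part of the thread and not ntpd/ntpdate code): a minimal SNTP exchange over loopback showing what the man page excerpt above describes, namely that the server's reply is addressed to the client's source port, so a firewall dropping inbound traffic to ports below 1024 passes replies only when the client sent from an unprivileged port. The loopback server, the firewall model and all function names are constructed for illustration; the stratum, precision, refid and transmit timestamp are the ones shown in the `ntpdate -d` output above.

```python
import socket
import struct
import threading

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01 (Unix)

def ntp_to_unix(seconds, fraction):
    """Convert a 32.32 fixed-point NTP timestamp to Unix time."""
    return seconds - NTP_EPOCH_DELTA + fraction / 2**32

def reply_passes_firewall(client_src_port):
    """Toy model of the man page's firewall: inbound traffic to ports < 1024 is dropped."""
    return client_src_port >= 1024

def fake_server(sock, transmit=(0xC3F9B0B5, 0x3D1D9B1B)):
    """Constructed stand-in for the NTP server; answers one request on loopback."""
    req, addr = sock.recvfrom(48)
    header = struct.pack("!BBbb", (4 << 3) | 4, 1, 0, -17)  # VN=4 Mode=4, stratum 1, precision -17
    root = struct.pack("!II4s", 0, 0, b"PTB\x00")           # root delay, root dispersion, refid
    # reference ts, originate ts (echo of the client's transmit ts), receive ts, transmit ts
    stamps = struct.pack("!8s8s8sII", b"\x00" * 8, req[40:48], b"\x00" * 8, *transmit)
    sock.sendto(header + root + stamps, addr)  # reply goes to the client's *source* port

def sntp_query(server_addr, bind_port=0, timeout=2.0):
    """Send one client packet. bind_port=0 lets the kernel choose an ephemeral source port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", bind_port))
        s.settimeout(timeout)
        src_port = s.getsockname()[1]
        s.sendto(bytes([(4 << 3) | 3]) + b"\x00" * 47, server_addr)  # VN=4, Mode=3 (client)
        data, _ = s.recvfrom(48)
    secs, frac = struct.unpack("!II", data[40:48])
    return {"src_port": src_port, "mode": data[0] & 0x07, "stratum": data[1],
            "transmit_unix": ntp_to_unix(secs, frac),
            "reply_passes_firewall": reply_passes_firewall(src_port)}

def demo():
    """Run the exchange against the loopback stand-in and return the parsed reply."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    worker = threading.Thread(target=fake_server, args=(srv,), daemon=True)
    worker.start()
    try:
        return sntp_query(srv.getsockname())
    finally:
        worker.join(2)
        srv.close()

if __name__ == "__main__":
    print(demo())
```

Passing `bind_port=123` instead requires root and reproduces the privileged-source-port case, for which `reply_passes_firewall` returns False.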
 
 
All times are GMT - 5 Hours