Web lists-archives.com

Re: Ntp not working

On Thu, Jun 21, 2018 at 10:04:24AM +0300, David Baron wrote:
> On Wed, Jun 20, 2018, 5:33 PM Mike <debian@xxxxxxxxxx> wrote:
> >
> > OK, so your NTP servers are:
> >
> > pool 0.debian.pool.ntp.org iburst
> > pool 1.debian.pool.ntp.org iburst
> > pool 2.debian.pool.ntp.org iburst
> > pool 3.debian.pool.ntp.org iburst
> >
> >
> > Most likely you are blocking UDP/123.  However, if you fail to resolve
> > the IP when you ping it, you have a DNS issue.
> >
> > Mike.
> >
> 123 udp allowed both ways.
> The destination is resolved do dns ok.
> Ping still fails, unreachable,sendmsg operation not permitted.

The npt config is correct and the servers should be reachable.  This
points to some kind of networking issue at your end.

That ping error is a little curious.  It does sounds like a permissions
issue.  One needs to be root to send the ICMP messages that ping uses.
Ping gets around this issue by having setuid set on /usr/bin/ping, so
that anyone who can run it runs it effectively as root.  I've never
tried it but I suspect that if you remove setuid from /usr/bin/ping
you'd probably see the above error.  Having said that, I did a quick
seearch with a well-known Internet search engine and it the results
suggested that iptables could also cause the above error.

Anyway, speculation aside, the error (and I've ran ping many, many times
and never seen that error before) does suggest that something isn't
right on your box and it's not the NTPd config.  I'd start by looking at
your iptables config.  I'd be fairly sure something is blocking UDP/123,
whereever it is.


Attachment: signature.asc
Description: PGP signature