time + problem

hello_world · Post by **hello_world** » 13. Jul 2011, 08:15

Hi
I'm in the zone Europe/Warsaw
Whenever you turn on the laptop I have a bad time
Is 2 hours back to the current.
I always have to manually correct

Code: Select all

root@salix-kde:/etc/rc.d# ls -l rc.ntpd 
-rwxr-xr-x 1 root root 1411 sty  6  2011 rc.ntpd

Code: Select all

root@salix-kde:/etc/rc.d# cat /etc/ntp.conf
# /etc/ntp.conf:  Configuration file for ntpd.

# External servers: The hostnames '*.pool.ntp.org' point to different
# servers each time, using a round robin system. If your ISP has an ntp
# server you want to replace these ones with it. It is not good
# practice to pick a 'stratum 1' server for the synchronisation of a
# single client, so don't put one here please. Read more about picking
# the right ntp servers to use at: http://www.pool.ntp.org/use.html
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst

# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
driftfile /etc/ntp/drift

# Access control:
# Default restrictions
# noquery: don't serve server stats
# nomodify: don't let anyone else change the settings remotely
# notrap: don't allow remote event logging
# noserve: deny all packets except ntpq and ntpdc queries
restrict default noquery nomodify notrap

# Allow everything locally.
restrict 127.0.0.1

# Serve time and stats to other computers in your local network.
restrict 10.0.0.0 mask 255.0.0.0 nomodify
restrict 169.254.0.0 mask 255.255.0.0 nomodify
restrict 172.16.0.0 mask 255.240.0.0 nomodify
restrict 192.168.0.0 mask 255.255.0.0 nomodify

Code: Select all

root@salix-kde:/etc/rc.d# date
śro, 13 lip 2011, 08:15:42 CEST

witek · Post by **witek** » 13. Jul 2011, 08:30

Maybe try

Code: Select all

 timeconfig

and choose NO, set to localtime instead of UTC

hello_world · Post by **hello_world** » 13. Jul 2011, 08:57

Unfortunately, the same

Post by **gapan** » 13. Jul 2011, 09:30

Run the clock configuration tool from the system menu. Make sure that automatic synchronization is on and select the correct time zone.

hello_world · Post by **hello_world** » 13. Jul 2011, 09:49

Everything is set correctly
Maybe my firewall is very restrictive

Code: Select all

bash-4.1# iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -i eth0 -p udp -m udp --sport 53 -j ACCEPT 
-A INPUT -p icmp -m state --state ESTABLISHED -j ACCEPT

Maybe add:

Code: Select all

iptables -A INPUT -p udp -sport 123 -j ACCEPT

??

Post by **thenktor** » 13. Jul 2011, 10:24

You shouldn't need additional rules. What's the output of ntpq -p?

EDIT: I was wrong, you'll need another rule...

EDIT2: Something like this:

Code: Select all

# allow established and related connections
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

to allow related udp connections, too.

hello_world · Post by **hello_world** » 13. Jul 2011, 11:49

Code: Select all

root@salix-kde:~# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp.coi.pw.edu. .PPS.            1 u 125m   64    0    0.000    0.000   0.000
 ip-193-138-118- 213.222.193.35   2 u 125m   64    0    0.000    0.000   0.000
 d7-58.static.ic 178.255.47.55    3 u 125m   64    0    0.000    0.000   0.000

I already have a good time. I do not know when to set the correct. After the restart it is ok

Post by **thenktor** » 13. Jul 2011, 17:37

Your output shows that the ntp server could not be reached for 125 minutes. ntp uses udp for time transmission, you have to change your firewall rules.

hello_world · Post by **hello_world** » 14. Jul 2011, 06:21

corrected entries in iptables and unblocked port 123 and now it's ok

Code: Select all

bash-4.1# /etc/rc.d/rc.ntpd info
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ns1.uw.edu.pl   193.110.137.171  2 u   11   64    1    9.931   -0.961   2.022
+ntp.nsm.pl      213.222.193.35   2 u   10   64    1   15.975   -1.018   3.973
+d7-58.static.ic 178.255.47.55    3 u    9   64    1   21.759   -3.231   2.541
 goblin.nask.net 195.113.144.201  2 u   18   64    1   11.036   -2.008   0.002

thank you

Post by **thenktor** » 14. Jul 2011, 08:23

But why do you open the port for everyone instead of just allowing related connections as I told you?

Code: Select all

    # allow established and related connections
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

time + problem

time + problem

Re: time + problem

Re: time + problem

Re: time + problem

Re: time + problem

Re: time + problem

Re: time + problem

Re: time + problem

Re: time + problem

Re: time + problem