[ale] NTP...

Michael B. Trausch fd0man at gmail.com
Mon Apr 24 21:40:58 EDT 2006


On Mon April 24 2006 17:07, Joe Steele wrote:
>
> The fact that "reach" equals 0 implies that ntpd is unable to elicit a
> reply from any of the servers.  As I said above, it looks like something
> is blocking outbound (or inbound) UDP NTP packets (ethereal or tcpdump
> could confirm this).  Unfortunately, ntpd has no equivalent to the "-u"
> option for ntpdate (at least I've not come across such an option), so
> you'll need to figure out where the packets are being blocked.
>

Oy... well, perhaps, then, I'm going to just cron the ntpdate -u command... 
lol.  I am behind two routers, and even the DMZ'd machine has problems with 
all of this:

	ComCast Cable Inbound
	     |       |
	     |       |
	     |       |
	  ---------------
	  \             /
	   \           /
	    \         /
	     \       /
	      \     /
	       \   /
	        \ /
	         .

	SunRocket VoIP Router
	(which causes all sorts of
	network oddities and has only
	one port for the LAN...)
	(192.168.251.1 LAN, DHCP WAN)
	     |       |
	     |       |
	     |       |
	  ---------------
	  \             /
	   \           /
	    \         /
	     \       /
	      \     /
	       \   /
	        \ /
	         .

	Linksys WRT54G Rev3 with some
	crazy new version of its firmware
	that turned on the light that says
	"Cisco Systems" in a beige color.
	(192.168.0.1 LAN, 192.168.251.2 WAN)
	     |       |
	     |       |
	     |       |
	  ---------------
	  \             /
	   \           /
	    \         /
	     \       /
	      \     /
	       \   /
	        \ /
	         .

	DMZ'd machine (192.168.0.3)
	ntpd doesn't work on it without -u.
	Doesn't get Apache on 80 (had to move to 81).

The arrows represent how the entire connection should be routed for incoming 
packets.  Of course, this doesn't work this way.  The SunRocket gadget 
device has some ports of its own that are inbound and it intercepts them -- 
such as the configuration interface, which is exposed on port 80, 
unencrypted, to the outside world, an internal telnet server (telnet?!), 
and some high-numbered port that they use for SIP or other VoIP stuff.

(Of course, this means that when you enable DMZ on the thing, DMZ != DMZ, 
since it's really DMZ minus ports 23, 80, and some other high number.)

*shrugs*

Cron sounds much more elegant in my case.  ;-)

	- Mike
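
Added example, not part of the original message: a Python sketch that decodes the "reach" column discussed in the quoted reply (an octal, 8-bit shift register of the last eight polls) from `ntpq -p` style output, and reports when every server shows 0, the pattern that points at filtering on the path rather than at one bad server. The sample output and its addresses are constructed, and the function names are this example's own.

```python
# Constructed `ntpq -pn` style output (documentation-range addresses).
HEADER = (
    "     remote           refid      st t when poll reach   delay   offset  jitter\n"
    "==============================================================================\n"
)
BLOCKED = HEADER + (
    " 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000\n"
    " 192.0.2.11      .INIT.          16 u    -   64    0    0.000    0.000   0.000\n"
)
MIXED = BLOCKED + (
    "*198.51.100.5    203.0.113.9      2 u   33   64  377   21.512   -0.412   0.310\n"
    "+198.51.100.6    203.0.113.9      2 u   12   64  175   30.100    1.020   2.400\n"
)

def parse_peers(text):
    """Return [(remote, reach_octal_string)] for each peer row."""
    peers = []
    for line in text.splitlines():
        # Column 0 is the tally character (' ', '*', '+', '-', ...); drop it.
        fields = line[1:].split()
        if len(fields) != 10 or fields[0] == "remote":
            continue  # header, ==== rule, blank or malformed line
        peers.append((fields[0], fields[6]))
    return peers

def reach_history(reach_octal):
    """Decode reach: index 0 is the newest poll, True means a reply arrived."""
    value = int(reach_octal, 8) & 0xFF
    return [bool((value >> bit) & 1) for bit in range(8)]

def diagnose(text):
    """Map each remote to 'no replies', 'ok' or 'lossy (n/8)'."""
    report = {}
    for remote, reach in parse_peers(text):
        history = reach_history(reach)
        if not any(history):
            report[remote] = "no replies"
        elif all(history):
            report[remote] = "ok"
        else:
            report[remote] = "lossy (%d/8)" % sum(history)
    return report

def all_unreachable(text):
    """True when at least one peer is listed and none has ever replied."""
    statuses = list(diagnose(text).values())
    return bool(statuses) and all(s == "no replies" for s in statuses)

if __name__ == "__main__":
    for name, sample in (("BLOCKED", BLOCKED), ("MIXED", MIXED)):
        print(name, diagnose(sample), "all unreachable:", all_unreachable(sample))
```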