Kitz ADSL Broadband Information

Author Topic: NTP  (Read 6657 times)

Westie

  • Kitizen
  • ****
  • Posts: 1596
Re: NTP
« Reply #15 on: January 28, 2018, 09:53:23 AM »

Don't know if this helps, but this person had a similar problem, and solved it by using openntpd instead.

In his case it was to do with ntp requiring to use UDP on port 23. Maybe a firewall issue with the Firebrick?

This NTP document confirms:
Quote
Verify the /etc/services file host machine is configured to accept UDP packets on the NTP port 123. NTP is specifically designed to use UDP and does not respond to TCP.
« Last Edit: January 28, 2018, 06:44:29 PM by Westie »
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: NTP
« Reply #16 on: January 28, 2018, 07:43:35 PM »

So perhaps I would have had to open a hole in the firewall for inbound udp on that port for those servers? If so, then that would explain it.

I never had any idea about such a requirement.

I don't understand why it works for some people then.
« Last Edit: January 28, 2018, 07:51:05 PM by Weaver »
Logged

Westie

  • Kitizen
  • ****
  • Posts: 1596
Re: NTP
« Reply #17 on: January 28, 2018, 07:52:04 PM »

I'm sorry, but I don't know the answer to that question.  :(

Does this old forum topic shed any further light?

Quote
I don't understand why it works for some people then.

Neither do I. Maybe the Firebrick operates a "more secure" firewall?
« Last Edit: January 28, 2018, 07:58:08 PM by Westie »
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: NTP
« Reply #18 on: January 28, 2018, 07:53:53 PM »

I don't use NAT, I have real IPv4 and IPv6 addresses for the pi. So NAT isn't the issue. That is going to be interesting with NAT translators for some people perhaps. (Shudders.)
Logged

Westie

  • Kitizen
  • ****
  • Posts: 1596
Re: NTP
« Reply #19 on: January 28, 2018, 08:31:21 PM »

Maybe NAT is why it does work for some people?

As I understand it, UDP is essentially a one-way protocol, so there will be fewer delays incurred and therefore more accurate timing, whereas TCP establishes a two-way session. It could be that a NAT translator "holds on" to the outbound UDP request and thus recognises the return packet when it arrives, whereas a "proper" firewall doesn't do that unless specifically instructed to do so.

If so, maybe poking a hole in the firewall is a solution...

This is purely conjecture on my part, and I would welcome correction from anyone who really knows!

Edit: Page 11 of the IETF document RFC 4787 appears to support that theory:
Quote
REQ-5:  A NAT UDP mapping timer MUST NOT expire in less than two minutes, unless REQ-5a applies...
« Last Edit: January 29, 2018, 01:23:04 AM by Westie »
Logged
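
An added example, not part of any post in this thread: a small SNTP probe to run on the Pi to see whether the reply to an outbound query on UDP port 123 actually gets back through the firewall. The function names, the 3-second timeout and the `source_port` option are assumptions of this example; `source_port=123` (needs root) mimics the reference ntpd, which sends its queries from port 123 rather than from an ephemeral port.

```python
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

def build_request(now=None):
    """Build a 48-byte SNTP client packet: LI=0, VN=4, Mode=3."""
    now = time.time() if now is None else now
    secs = int(now) + NTP_EPOCH_OFFSET
    frac = int((now % 1) * 2**32)
    pkt = bytearray(48)
    pkt[0] = (4 << 3) | 3
    struct.pack_into("!II", pkt, 40, secs & 0xFFFFFFFF, frac)  # transmit timestamp
    return bytes(pkt)

def parse_reply(reply, request):
    """Return (stratum, server_unix_time), or None if this is not a valid answer."""
    if len(reply) < 48:
        return None
    mode, stratum = reply[0] & 0x07, reply[1]
    if mode != 4 or stratum == 0:          # not a server reply, or kiss-o'-death
        return None
    if reply[24:32] != request[40:48]:     # originate must echo our transmit timestamp
        return None
    secs, frac = struct.unpack_from("!II", reply, 40)
    return stratum, secs - NTP_EPOCH_OFFSET + frac / 2**32

def probe(host, port=123, timeout=3.0, source_port=0):
    """Send one query and wait for the answer; None means no usable reply arrived."""
    family, _, _, _, addr = socket.getaddrinfo(host, port, type=socket.SOCK_DGRAM)[0]
    request = build_request()
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.bind(("", source_port))       # 0 = ephemeral port; 123 needs root
        try:
            sock.sendto(request, addr)
            reply, _ = sock.recvfrom(512)
        except OSError:                    # timed out, or ICMP unreachable came back
            return None
    return parse_reply(reply, request)

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(host, probe(host) or "no reply (check firewall logs for dropped UDP/123)")
```

If the probe gets an answer from an ephemeral source port but not with `source_port=123`, the firewall is treating the two kinds of return traffic differently, which is the first thing to look for in its logs.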

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: NTP
« Reply #20 on: January 29, 2018, 08:24:03 AM »

A very good point - helps the firewall accidentally do the ‘right thing’ with UDP.

I have set up other devices that use NTP - perhaps I need to check whether they are even working.
Logged

Westie

  • Kitizen
  • ****
  • Posts: 1596
Re: NTP
« Reply #21 on: February 05, 2018, 08:11:58 AM »

@Weaver

Sorry for the bump, but did you get your Pi timing sorted?
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: NTP
« Reply #22 on: March 31, 2018, 12:49:12 AM »

No, I never did. The next thing to do was to investigate firewalling problems given what I had learned in this thread. But stupidly I managed to brick the pi and now can't use it at all.

I will get some help at some point to get the machine up and running again.

More recently though I spotted something excellent, a hosted Raspberry Pi 3 at Mythic Beasts. I can ssh into it, and I can remotely reboot it and remotely wipe it and reinstall an o/s image automatically within a minute or so. So when I make a mess of things I am always safe, which means that I can try ignorant experiments with confidence.

That machine has a choice of three different o/s versions, I tried one version of Raspbian 32-bit and now I am also on a very stripped-down Ubuntu 32-bit. (Not so easy to get proper AArch64 builds yet perhaps.)

On this machine, NTP just works. Probably due to the fact that there is no firewalling at all.

The machine is all set up to use IPv6 properly. I think it doesn't come with any global public IPv4 address, and I am just using IPv6 for everything.
Logged

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: NTP
« Reply #23 on: April 20, 2018, 05:27:49 PM »

My hardware firewall blocks NTP unless I open ports for it.
Have you checked your firewall logs?
Logged
I have a set of 6 fixed IP's From  Eclipse  isp.BT ADSL2(G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 + Also have FTTP (G.984) No One isp Fixed IP >Dual WAN pfSense (Hardware Firewall and routing).> Two WAN's, Ethernet LAN, DMZ LAN, Zyxel GS1100-24 Switch.

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: NTP
« Reply #24 on: April 21, 2018, 02:53:55 AM »

@Tickmike I ended up completely killing the machine and have no way of getting it back up again until I can come up with sufficient resolve to overcome the humiliation of having to go and beg my long-suffering neighbour down the hill to rescue me again. I also bought a storage card to put the o/s on which I am told is unsuitable for the pi, so will have to remedy that before a future attempt.
Logged