On Tue, Feb 24, 2004 at 03:26:32PM -0800, [EMAIL PROTECTED] wrote:
> I was able to get ntpdate to run manually but it only seems to work if I
> open up 123 udp on my firewall. I modified the ntpdate init.d script to
> remove the -u option which seemed to help when I run that. But like you
> said shouldn't I be able to run this with the default debian install and
> more importantly without opening ports?

As Paul says, your firewall should be allowing all connections outbound, and established/related connections inbound; thus you should be able to open a connection to the ntp server and receive its replies, without modifying the firewall. It would be unusual to have restrictions on the outbound traffic, or related inbound traffic, but if you do, then you might need to change them.

Another point to note is that ntpd and ntpdate don't work together. ntpd keeps in touch with ntp servers and makes continual small adjustments to your clock to keep it in sync. ntpdate makes a one-off contact with the server and yanks the local clock into sync. You have to stop ntpd before you can run ntpdate.

Generally you would run ntpdate once, when you connect to the net, to sync your clock, then start ntpd to keep it in sync; if your clock is too far out when you start ntpd, ntpd doesn't work. It does have an option to force it to work in that situation, but ISTR there being something flaky about using that option.

The alternative is chrony, which I don't know about; I use ntpd and ntpdate because I found out about them before I found out about chrony :-)

-- 
Pigeon

Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F
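
The firewall policy described in the reply, as an added example that is not part of the original message: an iptables-restore ruleset for a host that is only an NTP client, assuming iptables is the firewall in use and the loopback interface is named lo. The commented-out rule is the inbound udp/123 opening from the quoted question, shown for contrast.

```iptables
# Constructed example ruleset (iptables-restore format), not taken from the
# thread. Assumes the host is an NTP client only and serves time to nobody.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
# All outbound traffic allowed, so queries to a server's udp/123 can leave.
:OUTPUT ACCEPT [0:0]

# Local traffic on the loopback interface.
-A INPUT -i lo -j ACCEPT

# Replies to connections this host initiated. An outbound NTP query creates a
# connection-tracking entry, and the server's answer matches it as ESTABLISHED.
# This holds whether ntpdate sends from source port 123 (the default) or from
# an unprivileged port (-u), because the entry is keyed on the full
# address/port tuple of the outbound packet.
# Newer iptables spells this: -m conntrack --ctstate ESTABLISHED,RELATED
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# The rule from the quoted question. A client does not need it, and it exposes
# any ntpd listening on this host to unsolicited packets from the network:
# -A INPUT -p udp --dport 123 -j ACCEPT

COMMIT
```

With this policy loaded, a query that still gets no answer points at something other than the inbound port, for example an outbound restriction upstream or ntpd already holding port 123.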