I should probably mention that this is OpenBSD 6.2 running under VirtualBox on MacOS.
On Mon, Jan 8, 2018 at 10:02 PM, Stuart Henderson <[email protected]> wrote: > How does "rdate -nvp pool.ntp.org" look? $ doas rdate -nvp pool.ntp.org rdate: Unable to receive NTP packet from server: No route to host rdate: Unable to receive NTP packet from server: No route to host rdate: Unable to receive NTP packet from server: No route to host rdate: Unable to receive NTP packet from server: No route to host rdate: Unable to get a reasonable time estimate On the other hand (suggested by Rudy Baker in a private message): $ nc -vu pool.ntp.org 123 Connection to pool.ntp.org 123 port [udp/ntp] succeeded! $ traceroute -c -p 123 pool.ntp.org traceroute: Warning: pool.ntp.org has multiple addresses; using 203.159.70.33 traceroute to pool.ntp.org (203.159.70.33), 64 hops max, 40 byte packets 1 10.0.2.2 (10.0.2.2) 0.867 ms 0.349 ms 0.246 ms 2 * * * 3 192.168.11.1 (192.168.11.1) 2.514 ms 2.137 ms 1.786 ms 4 125.213.235.25 (125.213.235.25) 2.848 ms 2.51 ms 2.617 ms 5 125.213.235.17 (125.213.235.17) 5.88 ms 3.059 ms 3.211 ms 6 * * * 7 * * * 8 * * * 9 * 125.213.235.17 (125.213.235.17) 3.367 ms !X * Disabling pf (as well as the firewall on the host MacOS) gives identical results. Also, it looks like no packets are coming back (suggested by David Dahlberg in a private message): $ doas tcpdump -envps1500 -i em0 port ntp or icmp tcpdump: listening on em0, link-type EN10MB 06:16:31.765946 08:00:27:34:76:da 52:54:00:12:35:02 0800 90: 10.0.2.15.47084 > 203.158.247.150.123: [bad udp cksum cf8d! -> 5deb] v4 client strat 0 poll 0 prec 0 dist 0.000000 disp 0.000000 ref (unspec)@0.000000000 orig 0.000000000 rec -0.000000000 xmt -34468692.156416639 [tos 0x10] (ttl 64, id 34769, len 76) 06:16:31.766020 08:00:27:34:76:da 52:54:00:12:35:02 0800 90: 10.0.2.15.35704 > 203.158.118.2.123: [bad udp cksum 4df9! -> 780a] v4 client strat 0 poll 0 prec 0 dist 0.000000 disp 0.000000 ref (unspec)@0.000000000 orig 0.000000000 rec -0.000000000 xmt -95552486.879830002 [tos 0x10] (ttl 64, id 47214, len 76) 06:16:31.766340 08:00:27:34:76:da 52:54:00:12:35:02 0800 90: 10.0.2.15.31315 > 103.22.182.121.123: [bad udp cksum 29e8! -> dad3] v4 client strat 0 poll 0 prec 0 dist 0.000000 disp 0.000000 ref (unspec)@0.000000000 orig 0.000000000 rec -0.000000000 xmt +1659942531.907521903 [tos 0x10] (ttl 64, id 53951, len 76) 06:16:31.766494 08:00:27:34:76:da 52:54:00:12:35:02 0800 90: 10.0.2.15.11278 > 203.159.70.33.123: [bad udp cksum 1e19! -> 6dc7] v4 client strat 0 poll 0 prec 0 dist 0.000000 disp 0.000000 ref (unspec)@0.000000000 orig 0.000000000 rec -0.000000000 xmt +94128219.587299346 [tos 0x10] (ttl 64, id 30931, len 76) 06:16:31.768890 52:54:00:12:35:02 08:00:27:34:76:da 0800 90: 125.213.235.17 > 10.0.2.15: icmp: host 203.158.247.150 unreachable - admin prohibited filter [icmp cksum ok] [tos 0xd0] (ttl 63, id 48216, len 76) What is "admin prohibited filter"? Thanks for all the suggestions!
