I have two linux PCs, both running fedora 11 with NTP ver. 4.2.4p7.
PC1 has 192.168.1.1 and 2002::c0a9:0101 addresses
PC2 has 192.168.1.2 and 2002::c0a9:0102 addresses
ntpd is running on PC1.
on PC2 ntpdate 192.168.1.1 returned good timing from PC1
But ntpdate 2002::c0a9:0101 did not work
Wireshark runs on PC1 shows NTP client messages from 2002::c0a9:0102 are received properly, but instead of replying with NTP server messages, PC1 is sending ICMPV6 unreachable (administratively prohibited) messages.
Yet from PC1 ping6 2002:c0a9:0102 works fine.
On PC1 ntpdate -u 2002::c0a9:0101 also works via loopback interface.
Could anybody gives me some hint on why NTPD ignores the IPv6 NTP client messages?
Thanks,
Joan
|
|
0
|
|
|
|
Reply
|
 joan
|
11/8/2010 9:44:40 PM |
|
joan lee wrote:
>
> Wireshark runs on PC1 shows NTP client messages from 2002::c0a9:0102
+ are received properly, but instead of replying with NTP server messages,
+ PC1 is sending ICMPV6 unreachable (administratively prohibited) messages.
> Could anybody gives me some hint on why NTPD ignores the IPv6 NTP
+ client messages?
Administratively prohibited doesn't sound like a condition than an
application program can generate. I would look at your firewall.
|
|
|
0
|
|
|
|
Reply
|
David
|
11/10/2010 7:16:35 AM
|
|
In article <ibdgsl$406$1@news.eternal-september.org>,
David Woolley <david@ex.djwhome.demon.invalid> writes:
>joan lee wrote:
>>
>> Wireshark runs on PC1 shows NTP client messages from 2002::c0a9:0102
>+ are received properly, but instead of replying with NTP server messages,
>+ PC1 is sending ICMPV6 unreachable (administratively prohibited) messages.
>
>> Could anybody gives me some hint on why NTPD ignores the IPv6 NTP
>+ client messages?
>
>Administratively prohibited doesn't sound like a condition than an
>application program can generate. I would look at your firewall.
First, I'd check the simpler solution of does the version of ntpd he
is running support IPv6. What does >netstat -ul< say?
--
These are my opinions, not necessarily my employer's. I hate spam.
|
|
|
0
|
|
|
|
Reply
|
hal
|
11/10/2010 7:46:16 AM
|
|
Hal Murray wrote:
> First, I'd check the simpler solution of does the version of ntpd he
> is running support IPv6. What does >netstat -ul< say?
I have the same problem on my dedicated server. NTPd with IPv4 works fine
but IPv6 not.
Netstat shows:
udp 0 0 *:ntp *:*
udp6 0 0 [::]:ntp [::]:*
I use Debian Linux and ntpd - NTP daemon program - Ver. 4.2.4p4.
Best regards
Marc-Andre Alpers
|
|
|
0
|
|
|
|
Reply
|
Marc
|
11/14/2010 1:08:17 AM
|
|
On 2010-11-14, Marc-Andre Alpers <m-a.alpers@web.de> wrote:
> Hal Murray wrote:
>
>> First, I'd check the simpler solution of does the version of ntpd he
>> is running support IPv6. What does >netstat -ul< say?
>
> I have the same problem on my dedicated server. NTPd with IPv4 works
> fine but IPv6 not.
>
> Netstat shows: udp 0 0 *:ntp *:* udp6 0 0 [::]:ntp [::]:*
>
> I use Debian Linux and ntpd - NTP daemon program - Ver. 4.2.4p4.
Is the ipv6 module loaded?
Do any of your network interfaces hae IPv6 addresses?
Do you have IPv6 connectivity to your remote time servers?
--
Steve Kostecke <kostecke@ntp.org>
NTP Public Services Project - http://support.ntp.org/
|
|
|
0
|
|
|
|
Reply
|
Steve
|
11/14/2010 1:25:50 PM
|
|
Steve Kostecke wrote:
> Is the ipv6 module loaded?
IPv6 is build into the kernel.
> Do any of your network interfaces hae IPv6 addresses?
Yes, i can tracert IPv6 hosts.
traceroute to www.heise.de (2a02:2e0:3fe:100::7), 30 hops max, 40 byte packets
1 2001:41d0:2:1aff:ff:ff:ff:ff 7.345 ms * *
2 2001:41d0::792 16.711 ms * *
3 2001:7f8::3012:0:1 9.224 ms 9.153 ms 9.146 ms
4 2a02:2e0:1::1e 9.691 ms 9.586 ms 9.580 ms
5 2a02:2e0:3fe:100::7 9.964 ms 9.932 ms 9.852 ms
#
And i can reach my server via IPv6 on SSH and HTTP.
> Do you have IPv6 connectivity to your remote time servers?
I have ipv6.remco.org in my config. But NTP will connect with this server.
# ntpq -pn
remote refid st t when poll reach delay offset jitter
==============================================================================
*213.251.128.249 .GPS. 1 u 10 64 377 0.538 -0.029 0.091
+192.87.106.2 .GPS. 1 u 9 64 377 11.162 2.495 0.158
+192.87.36.4 .GPS. 1 u 7 64 377 14.561 2.473 0.171
-193.67.79.202 .PPS. 1 u 5 64 377 13.194 -0.902 0.096
-193.79.237.14 .PPS. 1 u 2 64 377 12.219 -0.883 0.122
-80.127.4.179 .GPS. 1 u 5 64 377 22.266 4.001 0.179
2001:888:1031:: .INIT. 16 - - 64 0 0.000 0.000 0.000
#
But ntpdate works fine.
#ntpdate -q ipv6.remco.org
server 2001:888:1031::1, stratum 1, offset 0.002860, delay 0.05827
15 Nov 12:34:07 ntpdate[6869]: adjust time server 2001:888:1031::1 offset
0.002860 sec
#
Best regards
Marc-Andre Alpers
|
|
|
0
|
|
|
|
Reply
|
Marc
|
11/15/2010 12:07:45 PM
|
|
Hello!
Have nobody a solution or idea wat is wrong with my server?
This works:
r34210:/home/marc-andre# ntpq -p -4 127.0.0.1
remote refid st t when poll reach delay offset jitter
==============================================================================
*ntp0.ovh.net .GPS. 1 u 60 64 7 0.508 0.929 0.134
chime1.surfnet. .GPS. 1 u 58 64 7 10.539 3.037 0.026
chime2.surfnet. .GPS. 1 u 58 64 7 17.382 4.859 0.107
ntp0.nl.uu.net .PPS. 1 u 54 64 7 13.025 -0.139 0.181
ntp1.nl.uu.net .PPS. 1 u 55 64 7 12.048 -0.045 0.120
adsl.remco.org .GPS. 1 u 54 64 7 22.736 4.901 0.224
2001:41d0:2:1a8 .INIT. 16 - - 64 0 0.000 0.000 0.000
r34210:/home/marc-andre#
This not:
r34210:/home/marc-andre# ntpq -p -6 ::1
::1: timed out, nothing received
***Request timed out
But on my home linux box it works:
marc-andre@lanserver:~$ ntpq -p -6 ::1
remote refid st t when poll reach delay offset jitter
==============================================================================
*GENERIC(0) .DCFa. 0 l 60 64 377 0.000 -0.334 1.130
-fritz.box 52.76.120.147 2 u 49 64 377 0.829 4.623 1.234
-r34210.ovh.net 213.251.128.249 2 u 41 64 377 24.438 0.256 0.838
-elara.fnutt.net 192.36.143.151 2 u 37 64 377 22.845 -0.562 2.080
-dexter.wzw.tum. 134.34.3.18 2 u 13 64 377 28.448 0.397 0.844
+ptbtime1.ptb.de .PTB. 1 u 29 64 377 13.888 1.475 0.599
-2003:0:4:ff::ff .GPS. 1 u 57 64 377 54.314 -6.705 1.261
-2003:0:8:ff::ff .GPS. 1 u 39 64 377 51.726 -6.537 0.663
marc-andre@lanserver:~$
Netstat on my dedicated server shows:
r34210:/home/marc-andre# netstat -6lu
Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp6 0 0 ip6-localhost:domain [::]:*
udp6 0 0 [::]:ntp [::]:*
r34210:/home/marc-andre#
But my home linux shows this. On all ipv6 adresses is listening.
marc-andre@lanserver:~$ netstat -6lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp6 0 0 fe80::209:5bff:fe60:ntp [::]:*
udp6 0 0 2a01:198:31d:1:209::ntp [::]:*
udp6 0 0 localhost:ntp [::]:*
udp6 0 0 [::]:ntp [::]:*
udp6 0 0 [::]:domain [::]:*
udp6 0 0 [::]:64738 [::]:*
marc-andre@lanserver:~$
In tcpdump i can see that packet arrived my dedicated server. But he does
not answer.
r34210:/home/marc-andre# tcpdump ip6 and udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
21:15:47.803245 IP6 2a01:198:31d:1:7488:d3c2:6218:abb9.ntp > 2001:41d0:2:1a88::1.ntp: NTPv4, Client, length 48
21:15:49.802749 IP6 2a01:198:31d:1:7488:d3c2:6218:abb9.ntp > 2001:41d0:2:1a88::1.ntp: NTPv4, Client, length 48
21:15:51.803041 IP6 2a01:198:31d:1:7488:d3c2:6218:abb9.ntp > 2001:41d0:2:1a88::1.ntp: NTPv4, Client, length 48
21:15:53.803585 IP6 2a01:198:31d:1:7488:d3c2:6218:abb9.ntp > 2001:41d0:2:1a88::1.ntp: NTPv4, Client, length 48
NTP Version on dedicatet server comes from Debian:
version="ntpd 4.2.4p4@1.1520-o Sun Nov 22 16:14:34 UTC 2009 (1)"
processor="x86_64", system="Linux/2.6.32.2-xxxx-grs-ipv6-64"
My home Linux run ubuntu 10.10:
version="ntpd 4.2.4p8@1.1612-o Fri Apr 9 00:28:40 UTC 2010 (1)",
processor="i686", system="Linux/2.6.32-26-generic-pae"
Thanks in advance.
Best regards
Marc-Andre Alpers
|
|
|
0
|
|
|
|
Reply
|
Marc
|
11/29/2010 8:37:49 PM
|
|
W dniu 2010-11-29 21:37, Marc-Andre Alpers pisze:
> Hello!
>
> Have nobody a solution or idea wat is wrong with my server?
Hello,
I think this is the same "bug" : http://bugs.gentoo.org/326209 . I have
got very similar problem.
Regars
|
|
|
0
|
|
|
|
Reply
|
horhe
|
12/1/2010 4:27:23 PM
|
|
horhe,
I can't speak to the versions used by other repackagers, but the current
ntp-dev version interprets a nonzero broadest delay option as defeating
the calibration volley for all broadcast and multicast clients. This is
why it replaced the novolley option of the broadcast client command. If
this turns out not to be the case, a bug report is suggested.
Dave
horhe wrote:
>W dniu 2010-11-29 21:37, Marc-Andre Alpers pisze:
>
>
>>Hello!
>>
>>Have nobody a solution or idea wat is wrong with my server?
>>
>>
>
>Hello,
>I think this is the same "bug" : http://bugs.gentoo.org/326209 . I have
>got very similar problem.
>Regars
>
>_______________________________________________
>questions mailing list
>questions@lists.ntp.org
>http://lists.ntp.org/listinfo/questions
>
>
|
|
|
0
|
|
|
|
Reply
|
David
|
12/1/2010 9:16:47 PM
|
|
Es schrieb horhe:
> Hello,
> I think this is the same "bug" : http://bugs.gentoo.org/326209 . I have
> got very similar problem.
Thanks. This was the point. My Linux Kernel is grsec enabled by default.
When i load a non grsec Kernel, then ntp works fine on ipv6.
MfG Marc-Andre Alpers
|
|
|
0
|
|
|
|
Reply
|
Marc
|
12/1/2010 10:34:55 PM
|
|
Marc-Andre Alpers wrote:
> Es schrieb horhe:
>> I think this is the same "bug" : http://bugs.gentoo.org/326209
>> I have got very similar problem.
>
> Thanks. This was the point. My Linux Kernel is grsec
> enabled by default.
> When i load a non grsec Kernel, then ntp works fine on ipv6.
A quick google shows plenty of potentially related results
<http://www.google.com/search?q=%2Bgrsec+NTP+IPv6>
e.g. <http://bugs.gentoo.org/show_bug.cgi?format=multiple&id=326209>
.... with grsec NTPd as root IPv6 worked, NTPd as user IPv6 didn't ...
<BlockQuote>
This problem occurs because ntpd does not have the needed
privileges to access /proc/net/if_inet6 when not run as
root (USE=caps).
You can reconfigure to getthe same level of security by
deselecting CONFIG_GRKERNSEC_PROC_USER and selecting
CONFIG_GRKERNSEC_PROC_USERGROUP instead.
You can then add the ntp user to the GID for the special
group to get it to read the needed info from /proc.
</BlockQuote>
The above aside;
Have you tried a current NTPd 4.2.7 ?
In the last three years since the NTP 4.2.4p4
that you mentioned you were using,
a lot of things have been worked on,
IPv6 among them, e.g.
<http://ntp.bkbits.net:8080/ntp-dev/?PAGE=search&EXPR=IPv6&SEARCH=ChangeSet+comments>
ChangeSet
1.2082.4.156 IPv6 addresses in selecting default multicast source addresses.
1.2259 [Bug 1715] sntp utilitiesTest.IPv6Address failed.
1.2082.22.21 [Bug 1080] ntpd on ipv6 routers very chatty.
1.2082.4.97 [Bug 715] libisc Linux IPv6 interface iteration drops multicast flags.
1.2110.1.1 support for IPv6.
1.2082.4.41 Remove ipv6.c as unnecessary
1.2060.10.1 [Bug 1358] AIX 4.3 sntp/networking.c IPV6_JOIN_GROUP undeclared.
1.2060.3.1 [Bug 1343] lib/isc build breaks on systems without IPv6 headers.
1.2058 [Bug 1342] ignore|drop one IPv6 address on an interface blocks all
1.2037 fix ipv4/ipv6 which are not equivalent in the libopts sense
1.2026.1.1 [Bug 1324] support bracketed IPv6 numeric addresses for restrict.
1.2005 Ensure IPv6 localhost address ::1 is included in libisc's Windows IPv6
1.1935 [Bug 1272] gsoc_sntp IPv6 build problems under HP-UX 10.
1.1926 [Bug 1270] CID 70: gsoc_sntp recv_bcst_data mdevadr.ipv6mr_interface
1.1881.2.2 it safe to initialize ipv4_works and ipv6_works before init_io()
1.1881.2.1 3 weeks of changes including IPv6 on Windows which was
1.1873.1.1 some previously separate IPv4/IPv6 paths into a single codepath.
1.1875 [Bug 1200] Enable IPv6 in Windows port
1.1867 [Bug 320] restrict default should apply to both IPv4 and IPv6
1.1735.1.63 IPv6 interfaces were being looked for twice; fix bug 474
1.1735.4.4 [Bug 828] Fix IPv4/IPv6 address parsing
1.1739.1.6 hack ISC_PLATFORM_HAVEIPV6
1.1436.9.5 [Bug 977] Fix mismatching #ifdefs for builds without IPv6
1.1690 [Bug 977] Fix mismatching #ifdefs for builds without IPv6
1.1642 [Bug 828] correct IPv6 address parsing
1.1600 [Bug 771] compare scopeid if available for IPv6 addresses
1.1600 Bug 771: compare scopeid if available for IPv6 addresses
1.1379.1.49 when attempting to send to an IPv6 address of a local interface.
--
E-Mail Sent to this address <BlackList@Anitech-Systems.com>
will be added to the BlackLists.
|
|
|
0
|
|
|
|
Reply
|
E
|
12/2/2010 3:09:34 AM
|
|
|
10 Replies
264 Views
(page loaded in 0.19 seconds)
Similiar Articles: which ntpd ? OpenBSD openntpd, BSD ntpd, other ? - comp.protocols ...I haven't experimented with using other ... help needed for ntpd ipv6 setup - comp ... BSD Guides :: Doing Stuff With FreeBSD, NetBSD, OpenBSD, & Mac OS X... mail via ... Home Director remote - setup codes? - comp.home.automation ...ulimit does not work correctly on remote ssh - comp.os.linux.misc ..... set to the low value > in a dot file in the user's home ... help needed for ntpd ipv6 setup ... net time shows wrong server - comp.protocols.time.ntpW32time - encrypted request to NTP server? - comp.protocols.time ... help needed for ntpd ipv6 setup - comp.protocols.time.ntp ..... timed out, nothing received ***Request ... Adding another computer to Roadrunner Cable Internet setup - comp ...... with adding default routing under 3.2.4.2 - comp.unix ..... numbers, and he is connected to > the internet via Time/Warner cable. ... help needed for ntpd ipv6 setup ... How to configure ntp client to connect to localhost? - comp ...I need my clients to tunnel their NTP requests ... Server Config Help w/ bc635PCI - comp.protocols.time.ntp ... Network Time Protocol ... are being ... for ntpd ipv6 setup ... Help -- pps clock stoped working in 4.2.0 ! - comp.protocols.time ...Here's my setup, which whorked fine with ntpd 4.1.1 restrict ... Hi all, Now I need some help. First I want to ... NTP 4.2.5p180 adds IPv6 support on Windows - comp ... ntpd IPv6 support on Windows? - comp.protocols.time.ntp... something together to help > with this since we need to support people without IPv6 ... The management of IPv6 settings is ... Spezialist NTP - The Network Time Protocol ... Help with building NTP-4.2.0 - comp.protocols.time.ntpntpd IPv6 support on Windows? - comp.protocols.time ... NTP-4.2.6p3 ... need your help in solving the above ... org: Home of the Network Time Protocol The Network Time Protocol ... NTP 4.2.5p180 adds IPv6 support on Windows - comp.protocols.time ...RFC 1305, the Network Time Protocol (NTP) synchronizes ... Help with building NTP-4.2.0 - comp.protocols.time.ntp ... IP ... ntpd IPv6 support ... need all of NTP ... use, and I ... Need help with adding default routing under 3.2.4.2 - comp.unix ...Adding another computer to Roadrunner Cable Internet setup - comp ... Need help with ... is connected to > the internet via Time/Warner cable. ... help needed for ntpd ipv6 ... which ntpd ? OpenBSD openntpd, BSD ntpd, other ? - comp.protocols ...I haven't experimented with using other ... help needed for ntpd ipv6 setup - comp ... BSD Guides :: Doing Stuff With FreeBSD, NetBSD, OpenBSD, & Mac OS X... mail via ... ntp.org: Home of the Network Time ProtocolThe Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio or ... 7/21/2012 3:30:50 AM
|
Search |
Post Question |
Groups |
Stream |
About |
Register
2 followers. 