> The zeros in the "reach" column indicate that the server has been unable to
> receive any packets from the upstream servers.
>
> Is your server inside a firewall? If so, perhaps it is blocking NTP traffic.
> You need to have it allow UDP port 123 in both directions. You don't need
> port forwarding from outside to in, since all incoming packets will be replies
> to outgoing packets.
>
> If it is not inside a firewall, perhaps you have iptables on the server itself
> blocking UDP port 123 traffic.

Fantastic, Tony. This is the information I needed. Our ISP does in fact block UDP packets and I suspect this is why the sync is failing.

One question though - how come I can use ntpdate servername to update them by hand? Shouldn't that be blocked as well?
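The "reach" column discussed in the quoted reply can be checked mechanically, shown here as an added example that is not part of the original thread. It relies on the fact that ntpq prints reach as an octal 8-bit shift register of the last eight polls; the sample output, hostnames, addresses and function names are all constructed for illustration.

```python
# Added example: read the "reach" column of `ntpq -p` output.
# SAMPLE is constructed; hostnames and addresses are made up.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp1.example.ne .INIT.          16 u    -   64    0    0.000    0.000   0.000
*ntp2.example.ne 192.0.2.10       2 u   33   64  377   12.345    0.512   0.204
+ntp3.example.ne 192.0.2.20       2 u   40   64   17   20.100   -1.250   0.900
"""

def parse_peers(text):
    """Return one dict per peer line: tally code, remote name, reach value."""
    peers = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # The first character is the tally code (' ', '*', '+', '-', ...).
        tally, fields = line[0], line[1:].split()
        # Skip the column header and the "====" separator.
        if len(fields) != 10 or fields[0] == "remote":
            continue
        reach = int(fields[6], 8)  # reach is printed in octal
        peers.append({"tally": tally, "remote": fields[0], "reach": reach})
    return peers

def reach_history(reach):
    """Last eight polls, newest first; True means a reply was received."""
    return [bool((reach >> i) & 1) for i in range(8)]

def unreachable(peers):
    """Peers from which none of the last eight polls got a reply."""
    return [p["remote"] for p in peers if p["reach"] == 0]

def all_unreachable(peers):
    """True when every configured peer shows reach 0 (the case in the thread)."""
    return bool(peers) and all(p["reach"] == 0 for p in peers)

if __name__ == "__main__":
    peers = parse_peers(SAMPLE)
    for p in peers:
        marks = "".join("Y" if ok else "." for ok in reach_history(p["reach"]))
        print(f'{p["remote"]:<16} reach={p["reach"]:03o} newest->oldest {marks}')
    if all_unreachable(peers):
        print("No replies from any upstream: check filtering of UDP port 123")
```

A reach of 377 means all eight recent polls were answered, while 17 means only the four most recent were.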