[CentOS] NTP server problem behind firewall

Tue Sep 4 08:36:27 UTC 2012
Giles Coochey <giles at coochey.net>

On 04/09/2012 07:31, Artifex Maximus wrote:
> The first time (16:39:13.653674) client cannot sync to the server but
> second time (16:39:43.145984) that was successful even if there is a
> 'bad udp cksum'. BTW, is it normal? Tcpdump says there was traffic and
> sync happened later so rule is OK I think.
> When tried later sync needs three tries for success. Other time needs
> only one. Might depend on Moon phase. It looks like I have some
> network equipment related problem as well. Therefore I have to talk
> with some Cisco expert.
> At the moment I have problem with rsyslogd because there is no log of
> denied packets but that is another story. :-)
> Thanks for all of your help!
Without seeing the full timeline of events, you should bear in mind that 
there will be a gap between the time that an NTP server is started 
before other clocks are allowed to sync to it. This makes sense as you 
wouldn't want to sync time to a source that itself isn't reliable. Once 
the NTP server fulfils some criteria and believes its clock to be 
reliable, it will allow other systems to sync to it.


Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
giles at coochey.net
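
The startup gap described in the reply above is visible on the wire: per RFC 5905, a server that has not yet synchronized answers with leap indicator 3 and stratum 0 (held internally as 16), and clients reject such replies. The following is an added example, not part of the original message, that decodes a captured NTP reply and classifies it; the two sample packets and the function names are constructed for illustration.

```python
import struct

LI_UNSYNC = 3     # RFC 5905 leap indicator value: clock unsynchronized
MAX_STRATUM = 16  # RFC 5905: stratum 16 means unsynchronized

def parse_ntp_header(pkt):
    """Decode the fixed header fields at the start of an NTP packet."""
    if len(pkt) < 48:
        raise ValueError("NTP packet must be at least 48 bytes")
    flags, stratum, poll, precision, root_delay, root_disp, refid = \
        struct.unpack("!BBbbII4s", pkt[:16])
    return {
        "leap": flags >> 6,             # top 2 bits
        "version": (flags >> 3) & 0x7,  # middle 3 bits
        "mode": flags & 0x7,            # low 3 bits, 4 = server
        "stratum": stratum,
        "root_dispersion": root_disp / 65536.0,  # 16.16 fixed point, seconds
        "refid": refid,
    }

def server_usable(pkt):
    """Return (usable, reason) for a reply, mirroring a client's sanity checks."""
    h = parse_ntp_header(pkt)
    if h["mode"] != 4:
        return False, "not a server reply"
    if h["leap"] == LI_UNSYNC:
        return False, "leap indicator 3: server clock not yet synchronized"
    if h["stratum"] == 0 or h["stratum"] >= MAX_STRATUM:
        return False, "stratum %d: server has no valid time source" % h["stratum"]
    return True, "synchronized, stratum %d" % h["stratum"]

def _build(leap, stratum, refid):
    # Constructed sample: NTPv4, mode 4 (server), timestamps left as zeros.
    flags = (leap << 6) | (4 << 3) | 4
    return struct.pack("!BBbbII4s", flags, stratum, 6, -20, 0, 0, refid) + bytes(32)

# Constructed reply from a freshly started server (not a real capture).
JUST_STARTED = _build(3, 0, b"INIT")
# Constructed reply from the same server once it has selected a source.
SETTLED = _build(0, 2, bytes([192, 0, 2, 1]))

if __name__ == "__main__":
    for name, pkt in (("just started", JUST_STARTED), ("settled", SETTLED)):
        print(name, "->", server_usable(pkt))
```
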