[CentOS] NTP server problem behind firewall

Tue Sep 4 10:18:04 UTC 2012
Artifex Maximus <artifexor at gmail.com>

On Tue, Sep 4, 2012 at 10:36 AM, Giles Coochey <giles at coochey.net> wrote:
> On 04/09/2012 07:31, Artifex Maximus wrote:
>> The first time (16:39:13.653674) client cannot sync to the server but
>> second time (16:39:43.145984) that was successful even if there is a
>> 'bad udp cksum'. BTW, is it normal? Tcpdump says there was traffic and
>> sync happened later so rule is OK I think.
>> When tried later sync needs three tries for success. Other time needs
>> only one. Might depend on Moon phase. It looks like I have some
>> network equipment related problem as well. Therefore I have to talk
>> with some Cisco expert.
>> At the moment I have problem with rsyslogd because there is no log of
>> denied packets but that is another story. :-)
>> Thanks for all of your help!
> Without seeing the full timeline of events, you should bear in mind that
> there will be a gap between the time that an NTP server is started before
> other clocks are allowed to sync to it. This makes sense as you wouldn't
> want to sync time to a source that itself isn't reliable. Once the NTP
> server fulfils some criteria and believes it's clock to be reliable, it will
> allow other systems to sync to it.

I know and respect that. I tried only after my NTP was synchronized
and declared as reliable. Otherwise I get some stratum error on client
which is normal I think.