我的一台服务器无法与我的内部 ntp 服务器同步时间。
它适用于 DMZ 中除一台服务器之外的所有服务器!
这里是能够同步的服务器的 ntpdate 调试:
host-10.254.250.52:~# ntpdate -u -d internal-ntp
21 Jun 11:23:13 ntpdate[22168]: ntpdate [email protected] Sun Nov 22 16:14:35 UTC 2009 (1)
transmit(internal-ntp)
receive(internal-ntp)
transmit(internal-ntp)
receive(internal-ntp)
transmit(internal-ntp)
receive(internal-ntp)
transmit(internal-ntp)
receive(internal-ntp)
transmit(internal-ntp)
server internal-ntp, port 123
stratum 3, precision -20, leap 00, trust 000
refid [internal-ntp], delay 0.02632, dispersion 0.00000
transmitted 4, in filter 4
reference time: dcf49c8e.67939494 Wed, Jun 21 2017 11:19:42.404
originate timestamp: dcf49d61.40ad9621 Wed, Jun 21 2017 11:23:13.252
transmit timestamp: dcf49d61.41bf487f Wed, Jun 21 2017 11:23:13.256
filter delay: 0.02632 0.02650 0.02675 0.02650
0.00000 0.00000 0.00000 0.00000
filter offset: -0.00467 -0.00469 -0.00459 -0.00464
0.000000 0.000000 0.000000 0.000000
delay 0.02632, dispersion 0.00000
offset -0.004672
21 Jun 11:23:13 ntpdate[22168]: adjust time server internal-ntp offset -0.004672 sec
这里是能够在 ntp 服务器端同步的服务器的 tcpdump 跟踪:
internal-ntp:/var/log# tcpdump host 10.254.250.52
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:19:20.105722 IP 10.254.250.52.34851 > internal-ntp.ntp: NTPv4, Client, length 48
11:19:20.105764 IP internal-ntp.ntp > 10.254.250.52.34851: NTPv4, Server, length 48
11:19:20.106471 IP 10.254.250.52.34851 > internal-ntp.ntp: NTPv4, Client, length 48
11:19:20.106499 IP internal-ntp.ntp > 10.254.250.52.34851: NTPv4, Server, length 48
11:19:20.107120 IP 10.254.250.52.34851 > internal-ntp.ntp: NTPv4, Client, length 48
11:19:20.107163 IP internal-ntp.ntp > 10.254.250.52.34851: NTPv4, Server, length 48
11:19:20.107969 IP 10.254.250.52.34851 > internal-ntp.ntp: NTPv4, Client, length 48
11:19:20.108000 IP internal-ntp.ntp > 10.254.250.52.34851: NTPv4, Server, length 48
这里是无法同步的服务器的 ntpdate 调试:
host-10.254.250.51:~# ntpdate -u -d internal-ntp
21 Jun 11:21:42 ntpdate[6194]: ntpdate [email protected] Sun Nov 22 16:14:35 UTC 2009 (1)
transmit(internal-ntp)
transmit(internal-ntp)
transmit(internal-ntp)
transmit(internal-ntp)
transmit(internal-ntp)
internal-ntp: Server dropped: no data
server internal-ntp, port 123
stratum 0, precision 0, leap 00, trust 000
refid [internal-ntp], delay 0.00000, dispersion 64.00000
transmitted 4, in filter 4
reference time: 00000000.00000000 Thu, Feb 7 2036 10:28:16.000
originate timestamp: 00000000.00000000 Thu, Feb 7 2036 10:28:16.000
transmit timestamp: dcf49d09.f28900c5 Wed, Jun 21 2017 11:21:45.947
filter delay: 0.00000 0.00000 0.00000 0.00000
0.00000 0.00000 0.00000 0.00000
filter offset: 0.000000 0.000000 0.000000 0.000000
0.000000 0.000000 0.000000 0.000000
delay 0.00000, dispersion 64.00000
offset 0.000000
21 Jun 11:21:46 ntpdate[6194]: no server suitable for synchronization found
这里是无法在 ntp 服务器端同步的服务器的 tcpdump 跟踪:
internal-ntp:/var/log# tcpdump host 10.254.250.51
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:19:40.896719 IP 10.254.250.51.59008 > internal-ntp.ntp: NTPv4, Client, length 48
11:19:40.896763 IP internal-ntp.ntp > 10.254.250.51.59008: NTPv4, Server, length 48
11:19:41.896762 IP 10.254.250.51.59008 > internal-ntp.ntp: NTPv4, Client, length 48
11:19:41.896804 IP internal-ntp.ntp > 10.254.250.51.59008: NTPv4, Server, length 48
11:19:42.896556 IP 10.254.250.51.59008 > internal-ntp.ntp: NTPv4, Client, length 48
11:19:42.896597 IP internal-ntp.ntp > 10.254.250.51.59008: NTPv4, Server, length 48
11:19:43.896851 IP 10.254.250.51.59008 > internal-ntp.ntp: NTPv4, Client, length 48
11:19:43.896891 IP internal-ntp.ntp > 10.254.250.51.59008: NTPv4, Server, length 48
NTP 客户端在 Debian 5.0.10 上,NTP 服务器在 Debian 5.0.8 上
NTP 客户端配置:
driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server internal-ntp iburst dynamic
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
internal-ntp 上的 NTP 服务器配置:
driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 0.debian.pool.ntp.org iburst dynamic
server 1.debian.pool.ntp.org iburst dynamic
server 2.debian.pool.ntp.org iburst dynamic
server 3.debian.pool.ntp.org iburst dynamic
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap
答案1
不工作的 NTP 客户端不会接收来自服务器的数据包,它看起来像客户端和服务器之间的不对称路由。
工作客户端上的此 NTP 日期...
host-10.254.250.52:~# ntpdate -u internal-ntp
21 Jun 14:49:31 ntpdate[7747]: adjust time server internal-ntp offset 0.001020 sec
...在客户端给出这个 tcpdump 跟踪:
host-10.254.250.52:~# tcpdump port 123 and host internal-ntp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:33:43.620356 IP 10.254.250.52.35247 > internal-ntp.ntp: NTPv4, Client, length 48
15:33:43.621062 IP internal-ntp.ntp > 10.254.250.52.35247: NTPv4, Server, length 48
15:33:43.621086 IP 10.254.250.52.35247 > internal-ntp.ntp: NTPv4, Client, length 48
15:33:43.621549 IP internal-ntp.ntp > 10.254.250.52.35247: NTPv4, Server, length 48
15:33:43.621563 IP 10.254.250.52.35247 > internal-ntp.ntp: NTPv4, Client, length 48
15:33:43.622282 IP internal-ntp.ntp > 10.254.250.52.35247: NTPv4, Server, length 48
15:33:43.622294 IP 10.254.250.52.35247 > internal-ntp.ntp: NTPv4, Client, length 48
15:33:43.623012 IP internal-ntp.ntp > 10.254.250.52.35247: NTPv4, Server, length 48
非工作客户端上的 NTP 日期...
host-10.254.250.51:~# ntpdate -u internal-ntp
21 Jun 14:51:24 ntpdate[11773]: no server suitable for synchronization found
...在客户端给出这个 tcpdump 跟踪:
host-10.254.250.51:~# tcpdump dst port 123 and host internal-ntp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:51:20.334130 IP 10.254.250.51.43811 > internal-ntp.ntp: NTPv4, Client, length 48
14:51:21.334171 IP 10.254.250.51.43811 > internal-ntp.ntp: NTPv4, Client, length 48
14:51:22.334118 IP 10.254.250.51.43811 > internal-ntp.ntp: NTPv4, Client, length 48
14:51:23.334119 IP 10.254.250.51.43811 > internal-ntp.ntp: NTPv4, Client, length 48