Re: ntpdate synchronization b/w two ntpservers
- From: Frank Cusack <fcusack@xxxxxxxxxxx>
- Date: Tue, 11 Dec 2007 10:48:07 -0800
On Tue, 11 Dec 2007 09:50:17 -0800 Michael Vilain <vilain@xxxxxxxxxxxxx> wrote:
In article <vilain-2F00B6.21262110122007@xxxxxxxxxxxxxxxxxxxxxxxx>,
Michael Vilain <vilain@xxxxxxxxxxxxx> wrote:
In article
<03516e05-83a7-430d-9415-1d8f7a6ff446@xxxxxxxxxxxxxxxxxxxxxxxxxxx>,
Salman <hudamuslim@xxxxxxxxx> wrote:
BismillahirRehmanirRahim
Hi Sun Admins,
May I know, is it possible to synchronize time using ntpdate b/w two
ntpservers?
The problem is that our servers are unable to synchronize with our ntp
server as it's behind the firewall.
As far as I know, ntpdate uses port 123 UDP to connect to the ntp server;
the source port used by the client is chosen randomly >1023.
So the ntp server replies to the ntp client request to that randomly chosen
port.
The problem is that we have a bidirectional firewall, and they won't open
the firewall for random ports.
The destination port should be specified or the range of ports should be
specified.
Do you know what range of ports will be used by the ntp client when it
connects to the ntp server?
As a workaround I decided to run ntpserver on my ntpclient, so in that case
both the source & destination ports will be 123.
So I want to know if it is possible to synchronise my server if I install
ntpserver on it and it then syncs with the remote ntp server.
2ndly, what is the range of ports the ntp client uses to sync with the ntp
server?
I hope I clearly described my problem.
Appreciate your expert inputs.
Your Junior Admin
Muhammad Salman Faheem
Since ntpd is a known service, you'll either have to make a business
case for opening the firewall up to allow ONE machine access to a
stratum 2 server outside your network or you'll have to set up a router
with a GPS to use as the synching host. If your upper management won't
allow for a reference time source, you can't really run ntpd using the
stratum model. At best, you can set one machine's date and have all the
others synch off of it, but they'll drift along with this reference
machine.
It will become someone's daily job to synchronize this machine to wall
clock time. Good luck when that person goes on vacation and all your
machines go south.
Sometimes management has to be shown how stupid they are. I had a
colleague tell the story of his time at VLSI working for an absolute
half-wit as the IT manager. The guy didn't have a clue about networks
and was insistent about severing the link between key segments of the
network. My colleague warned him _in writing_ including a CC to his
boss that this was a Bad Idea(tm) and that all sorts of things would
break. The PHB ordered him _in writing_ to make the changes, so he did,
acknowledging the changes to the PHB's boss and boss' boss. Then he went
on a 2 week vacation. On his return, he immediately hands in his
resignation. The PHB is forced to have him fix the network and cannot
fire him. If he escorts him out the door, the knowledge of the network
goes with him. After my colleague left, the entire IT department quit
en masse a month later. For some reason, the PHB wasn't fired for this.
Go figure.
http://www.wired.com/science/discoveries/news/2007/12/time_hackers
cool! but how is it related to the 76 lines of text you quoted?
-frank