ntpd：伺服器卡在 .INIT 上

我正在嘗試為我的本地網路設置 NTP 伺服器，但 ntpd 拒絕與外部伺服器同步。

# ntptrace
localhost: stratum 16, offset 0.000000, synch distance 0.396285

# ntpq -pn
    remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
31.135.95.60    .INIT.          16 u    - 1024    0    0.000    0.000   0.000
31.131.249.26   .INIT.          16 u    - 1024    0    0.000    0.000   0.000
91.122.42.73    .INIT.          16 u    - 1024    0    0.000    0.000   0.000
194.190.168.1   .INIT.          16 u    - 1024    0    0.000    0.000   0.000

我使用的配置幾乎是預設的：

# grep ^[^#] /etc/ntp.conf 
server 0.gentoo.pool.ntp.org
server 1.gentoo.pool.ntp.org
server 2.gentoo.pool.ntp.org
server 3.gentoo.pool.ntp.org
driftfile       /var/lib/ntp/ntp.drift
restrict default nomodify nopeer noquery limited kod
restrict 127.0.0.1
restrict [::1]
restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap
disable monitor

奇怪的是我在 LAN 中有另一個 NTP 伺服器，它工作和同步很好，所以我沒有責怪 123 UDP 埠，但要確保我已經在我試圖起床的網關上明確打開它ntpd。

# iptables -L -n -v
Chain INPUT (policy ACCEPT 839K packets, 836M bytes)
pkts bytes target     prot opt in     out     source               destination         
31696 3023K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3435  273K ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0           
   0     0 REJECT     udp  --  !br0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:67 reject-with icmp-port-unreachable
   0     0 REJECT     udp  --  !br0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 reject-with icmp-port-unreachable
   0     0 ACCEPT     tcp  --  br1    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
   0     0 ACCEPT     tcp  --  br1    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
   0     0 ACCEPT     tcp  --  br1    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21
   0     0 ACCEPT     tcp  --  br1    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
   0     0 ACCEPT     tcp  --  br1    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:123
   0     0 DROP       tcp  --  br1    *       0.0.0.0/0            0.0.0.0/0            tcp dpts:0:1023
 204 15504 DROP       udp  --  br1    *       0.0.0.0/0            0.0.0.0/0            udp dpts:0:1023
   0     0 DROP       tcp  --  br1    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2049
   0     0 DROP       udp  --  br1    *       0.0.0.0/0            0.0.0.0/0            udp dpt:2049
   0     0 DROP       tcp  --  br1    *       0.0.0.0/0            0.0.0.0/0            tcp dpts:32765:32768
   0     0 DROP       udp  --  br1    *       0.0.0.0/0            0.0.0.0/0            udp dpts:32765:32768

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         
   0     0 DROP       all  --  br0    *       0.0.0.0/0            192.168.0.0/16      
21579 1859K ACCEPT     all  --  br0    *       192.168.0.0/16       0.0.0.0/0           
21307 6910K ACCEPT     all  --  br1    *       0.0.0.0/0            192.168.0.0/16      

Chain OUTPUT (policy ACCEPT 762K packets, 151M bytes)
pkts bytes target     prot opt in     out     source               destination

br0 是區域網路，br1 是廣域網。

嘗試連接到第 2 層伺服器（在另一台伺服器上可以看到，ntpd 工作正常）：

# ntpdate -d 95.213.132.250                                            
2 May 07:35:30 ntpdate[9987]: ntpdate 4.2.8p2@1.3265-o Fri May  1 20:36:27 UTC 2015 (1)
transmit(95.213.132.250)
receive(95.213.132.250)
transmit(95.213.132.250)
receive(95.213.132.250)
transmit(95.213.132.250)
receive(95.213.132.250)
transmit(95.213.132.250)
receive(95.213.132.250)
server 95.213.132.250, port 123
stratum 2, precision -21, leap 00, trust 000
refid [95.213.132.250], delay 0.03688, dispersion 0.00314
transmitted 4, in filter 4
reference time:    d8eeccd9.08f19253  Sat, May  2 2015  7:11:05.034
originate timestamp: d8eed298.9d09bba6  Sat, May  2 2015  7:35:36.613
transmit timestamp:  d8eed298.9ae29d48  Sat, May  2 2015  7:35:36.605
filter delay:  0.04114  0.04720  0.04874  0.03688 
        0.00000  0.00000  0.00000  0.00000 
filter offset: 0.004748 0.008231 0.008865 0.002733
        0.000000 0.000000 0.000000 0.000000
delay 0.03688, dispersion 0.00314
offset 0.002733

2 May 07:35:36 ntpdate[9987]: adjust time server 95.213.132.250 offset 0.002733 sec

試圖從 ntpd 獲得一些輸出

# ntpd -gqd
2 May 07:45:35 ntpd[20292]: ntpd 4.2.8p2@1.3265-o Fri May  1 20:36:26 UTC 2015 (1): Starting
2 May 07:45:35 ntpd[20292]: Command line: ntpd -gqd
2 May 07:45:35 ntpd[20292]: proto: precision = 0.051 usec (-24)
2 May 07:45:35 ntpd[20292]: Listen and drop on 0 v4wildcard 0.0.0.0:123
2 May 07:45:35 ntpd[20292]: Listen normally on 1 lo 127.0.0.1:123
2 May 07:45:35 ntpd[20292]: Listen normally on 2 br0 192.168.0.1:123
2 May 07:45:35 ntpd[20292]: Listen normally on 3 br0 192.168.0.9:123
2 May 07:45:35 ntpd[20292]: Listen normally on 4 br0 192.168.0.17:123
2 May 07:45:35 ntpd[20292]: Listen normally on 5 br1 192.168.42.250:123
2 May 07:45:35 ntpd[20292]: Listening on routing socket on fd #22 for interface updates
2 May 07:45:35 ntpd[20292]: restrict: ignoring line 51, address/host '[::1]' unusable.
^C 2 May 07:45:44 ntpd[20292]: ntpd exiting on signal 2 (Interrupt)
2 May 07:45:44 ntpd[20292]: 46.8.40.31 local addr 192.168.42.250 -> <null>
2 May 07:45:44 ntpd[20292]: 217.70.19.12 local addr 192.168.42.250 -> <null>
2 May 07:45:44 ntpd[20292]: 89.208.145.140 local addr 192.168.42.250 -> <null>
2 May 07:45:44 ntpd[20292]: 31.135.95.60 local addr 192.168.42.250 -> <null>

正如一開始可以看到的^C那樣，守護程序是手動中斷的，因為它沒有按應有的方式退出（在另一台伺服器上，ntpd 在限制消息後退出，報告時間變長）

無論我做什麼，多次重新啟動後，漂移都不會改變：

# cat /var/lib/ntp/ntp.drift 
-7.037

您的防火牆規則不允許 NTP。線

0     0 ACCEPT     tcp  --  br1    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:123

一切都很好，但是 NTP 是 UDP 服務。改變協議，事情應該會變得更好。您的FORWARD規則要寬鬆得多（本質上是permit any any），這就是 LAN 內的主機同步正常的原因。

引用自：https://serverfault.com/questions/687115