virtual interface breaks NTP

From: John Christian (john.christian@TheCReGroup.com)
Date: Thu Jul 07 2005 - 10:43:30 EDT


Hi everyone,

I have 4 NTP servers behind a firewall. They are all permitted by the firewall
to contact certain NTP servers on the Internet. They all use the same config
and all work fine... unless.

The broken NTP server works fine when only the main IP address is configured
on bge0. If I add a virtual interface on bge0:1, it seems that NTP can no
longer contact the public NTP servers. As soon as I ifconfig bge0:1 down, NTP
works again. I suspect NTP is trying to use the virtual interface which is not
permitted by the firewall.

Temp workaround I found: If I down the virtual interface, start the xntpd
daemon, then bring the virtual interface back up, the xntpd daemon continues
to run okay. If I manually change the time, xntpd will correct the time after
a few minutes which tells me it is still able to talk to the public NTP
servers. Of course, I shouldn't have to bring down all virtual interfaces just
because I need to restart the xntpd daemon.

How do I force NTP to only use the main IP address on bge0?

Eventually, there will be many virtual IPs on these hosts. Adding NTP-related
firewall rules for all IPs is not an option. Solaris 9 Generic_118558-06 with
Sun's bundled NTP package SUNWntpr 11.9.0,REV=2002.04.06.15.27 (NTP version
3). I'm using "ntpdate -d ip-of-publicserver" to test connectivity.

TIA for any suggestions!
-John Christian
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers


