Monday, 18 July 2011

FreeBSD Install OpenNTPD NTP Server / Client To Synchronize The Local Clock

How do I install OpenNTPD (a Unix system daemon implementing the Network Time Protocol) to synchronize the local clock of a FreeBSD computer system with a remote NTP server called ntp.myisp.com?

Accurate time is important for various UNIX applications such as BIND, Crond, Apache and others. OpenNTPD is able to act as an NTP client and as an NTP server to NTP-compatible clients. The default ntpd server cannot bind to a specific IP address. If you are planning to use FreeBSD jails, you must disable ntpd and use OpenNTPD.

OpenNTPD Installation

Type the following command to update FreeBSD ports tree:
# portsnap fetch update
To install OpenNTPD server, enter:
# cd /usr/ports/net/openntpd
# make install clean

Configuration Files

  1. /usr/local/sbin/ntpd - OpenNTPD network server file.
  2. /usr/local/etc/rc.d/openntpd - OpenNTPD startup scripts to start / stop OpenNTPD server.
  3. /usr/local/etc/ntpd.conf - OpenNTPD configuration file.
  4. TCP / UDP port # 123 - OpenNTPD NTP port.
Open /usr/local/etc/ntpd.conf file, enter:
# vi /usr/local/etc/ntpd.conf
Update configuration as follows:
# Do not listen on all IP addresses; bind
# openntpd only to IPv4 203.11.22.33, 10.21.16.223, IPv6 2607:f0d0:3001:0009:0000:0000:0000:0001
# and loopback
listen on 203.11.22.33
listen on 10.21.16.223
listen on 2607:f0d0:3001:0009:0000:0000:0000:0001
listen on 127.0.0.1
 
# Sync to a single server
server ntp.myisp.com
 
# Use a random selection of 8 public stratum 2 servers
servers pool.ntp.org

Turn on OpenNTPD service

Enable OpenNTPD service:
# echo 'openntpd_enable="YES"' >> /etc/rc.conf

Task: Start OpenNTPD Service

# /usr/local/etc/rc.d/openntpd start

Task: Stop OpenNTPD Service

# /usr/local/etc/rc.d/openntpd stop

Task: Restart OpenNTPD Service

# /usr/local/etc/rc.d/openntpd restart

Task: Verify OpenNTPD Service

Find out the status:
# /usr/local/etc/rc.d/openntpd status
Sample output:
openntpd is running as pid 68596 68597.
Verify open port:
# sockstat -4 -p 123
OR
# sockstat -46 -p 123
Sample output:
_ntp     ntpd       68597 4  udp4   10.21.16.223:61228     10.0.1.22:123
_ntp     ntpd       68597 6  udp4   203.11.22.33:123     *:*
_ntp     ntpd       68597 7  udp4   10.21.16.223:123       *:*
_ntp     ntpd       68597 8  udp6   2607:f0d0:3001:9::1:123*:*
_ntp     ntpd       68597 9  udp4   127.0.0.1:123         *:*
_ntp     ntpd       68597 10 udp4   203.11.22.33:51829   69.31.43.10:123
_ntp     ntpd       68597 11 udp4   203.11.22.33:52453   67.159.5.90:123
_ntp     ntpd       68597 12 udp4   203.11.22.33:58929   71.6.202.221:123
_ntp     ntpd       68597 13 udp4   203.11.22.33:60272   198.144.194.12:123
_ntp     ntpd       68597 14 udp4   203.11.22.33:51298   216.45.57.39:123
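
The check below is an added example, not part of the original post: it compares the "listen on" addresses in ntpd.conf with the unconnected port 123 sockets reported by sockstat, so a wildcard bind or a missing listener stands out. The inputs are constructed from the samples on this page; the function names are hypothetical and numeric "listen on" addresses are assumed.

```python
import ipaddress

# Constructed inputs: "listen on" lines and sockstat rows as shown on this page.
NTPD_CONF = """\
listen on 203.11.22.33
listen on 10.21.16.223
listen on 2607:f0d0:3001:0009:0000:0000:0000:0001
listen on 127.0.0.1
server ntp.myisp.com
"""
SOCKSTAT = """\
_ntp     ntpd       68597 4  udp4   10.21.16.223:61228     10.0.1.22:123
_ntp     ntpd       68597 6  udp4   203.11.22.33:123     *:*
_ntp     ntpd       68597 7  udp4   10.21.16.223:123       *:*
_ntp     ntpd       68597 8  udp6   2607:f0d0:3001:9::1:123*:*
_ntp     ntpd       68597 9  udp4   127.0.0.1:123         *:*
"""

def _addr(text):
    # Canonicalise so long and compressed IPv6 spellings compare equal.
    return "*" if text == "*" else ipaddress.ip_address(text)

def configured_listeners(conf_text):
    """Addresses named by 'listen on' lines (numeric addresses assumed)."""
    found = set()
    for line in conf_text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 3 and words[:2] == ["listen", "on"]:
            found.add(_addr(words[2]))
    return found

def bound_listeners(sockstat_text, port=123):
    """Local addresses of unconnected sockets bound to `port`."""
    found = set()
    for line in sockstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        rest = "".join(fields[5:])    # LOCAL and FOREIGN columns may be fused
        if not rest.endswith("*:*"):  # has a peer: outbound client socket
            continue
        host, _, local_port = rest[:-3].rpartition(":")
        if local_port == str(port):
            found.add(_addr(host))
    return found

def audit(conf_text, sockstat_text):
    want, have = configured_listeners(conf_text), bound_listeners(sockstat_text)
    return {"unexpected": have - want, "missing": want - have}
```

On a live host, pass the contents of /usr/local/etc/ntpd.conf and the output of sockstat -46 -p 123 to audit(); both sets come back empty when ntpd is bound exactly as configured.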

Open Outgoing Port # 123 via PF firewall

Update your /etc/pf.conf as follows:
# Note $ext_if is your interface facing the Internet
# Useful for dedicated FreeBSD server #
# IPv4 Open outgoing port TCP 123 (NTP)
pass out on $ext_if proto tcp to any port ntp
 
# IPv6 Open outgoing port TCP 123 (NTP)
pass out on $ext_if inet6 proto tcp to any port ntp
 
# IPv4 Open outgoing port UDP 123 (NTP)
pass out on $ext_if proto udp to any port ntp
 
# IPv6 Open outgoing port UDP 123 (NTP)
pass out on $ext_if inet6 proto udp to any port ntp
Reload pf firewall rules:
# /sbin/pfctl -nf /etc/pf.conf && /etc/rc.d/pf reload
