As I was having time sync issues, I have installed NTP; and though I have gone through quite a few guides/threads, I'm having trouble figuring out:
(1) proper/secure configuration for /etc/ntp.conf, and
(2) whether to open, and what ports in /etc/nftables.conf.
To be extra clear, I just want to sync time with network servers, which, I believe, means running NTP in NTP client mode. I do not want to run an NTP server.
This is how I've installed NTP:
sudo timedatectl set-ntp no
sudo apt update
sudo apt install ntp ntpdate
sudo systemctl enable ntp
The questions I have:
(1) Do I need the following in my /etc/ntp.conf to run NTP client? If yes, is this the proper/secured configuration?
Commented out part:
# restrict lo
# Commented this out, as I was getting this error:
# Error: restrict: ignoring line 2, address/host 'lo' unusable.
# interface listen lo
# driftfile /var/lib/ntp/ntp.drift
# leapfile "/var/db/ntpd.leap-seconds.list"
# Commented out these 3 entries, as I didn't know if I need them.
nano /etc/ntp.conf
restrict 127.0.0.1
restrict -6 ::1
restrict -4 default limited kod nomodify notrap nopeer noquery
restrict -6 default limited kod nomodify notrap nopeer noquery
restrict source limited kod nomodify notrap noquery
interface ignore wildcard
interface listen 192.168.1.104
interface listen 192.168.1.105
server 0.us.pool.ntp.org
server 1.us.pool.ntp.org
server 2.us.pool.ntp.org
server 3.us.pool.ntp.org
(2) Do I need to open the following ports in Nftables firewall to run NTP client properly?
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        # Port 123 for NTP
        udp dport 123 counter accept
        udp sport 123 counter accept
    }
}
table inet filter {
    chain output {
        type filter hook output priority 0; policy accept;
        # Port 123 for NTP
        udp dport 123 counter accept
        udp sport 123 counter accept
    }
}
(3) Right now, I think NTP is syncing time... though I'm still getting these errors:
ntpd: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
ntpd: kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized
systemctl status ntp
● ntp.service - Network Time Service
Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
Active: active (running)
Docs: man:ntpd(8)
Process: 16615 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS)
Main PID: 16623 (ntpd)
Tasks: 2 (limit: 18827)
Memory: 1.3M
CGroup: /system.slice/ntp.service
└─16623 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 134:144
Jun 21 21:57:44 um ntpd[16620]: ntpd [email protected] (1): Starting
Jun 21 21:57:44 um ntpd[16620]: Command line: /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 134:144
Jun 21 21:57:44 um systemd[1]: Started Network Time Service.
Jun 21 21:57:44 um ntpd[16623]: proto: precision = 0.088 usec (-23)
Jun 21 21:57:44 um ntpd[16623]: Listen normally on 0 lo 127.0.0.1:123
Jun 21 21:57:44 um ntpd[16623]: Listen normally on 1 enp0s25 192.168.1.105:123
Jun 21 21:57:44 um ntpd[16623]: Listening on routing socket on fd #18 for interface updates
Jun 21 21:57:44 um ntpd[16623]: kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized
Jun 21 21:57:44 um ntpd[16623]: kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized
Jun 21 22:06:26 um ntpd[16623]: kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized
ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 white.web-ster. 127.67.113.92    2 u   16   64    1  294.505   -2.983   0.000
 clover0.mattnor 139.78.97.128    2 u   11   64    1  289.878    7.684   0.000
 66.85.78.80     172.16.23.153    2 u   10   64    1  267.014   -1.455   0.000
 voipmonitor.wci 216.218.254.202  2 u   12   64    1  318.841  -16.123   0.000
OS: Ubuntu MATE 21.04
NTP: 1:4.2.8p12+dfsg-3ubuntu4
Systemd: 247 (247.3-3ubuntu3.1)
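
The firewall side of question (2), as an added example that is not part of the original post: a client-only ruleset beside the posted rules, relying on connection tracking instead of open port rules. It assumes the host offers no inbound services; the loopback rule is an addition so that local ntpq queries to ntpd keep working under the drop policy.

```nft
# Added example, not the poster's configuration.
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Local queries from ntpq to ntpd go over 127.0.0.1 / ::1
        iif "lo" accept

        # Packets that conntrack cannot associate with any flow
        ct state invalid drop

        # Replies to traffic this host initiated. ntpd's outbound
        # query creates a conntrack entry, and the server's answer
        # (UDP 123 -> 123) matches it as "established".
        ct state established,related accept

        # Posted rule left out: "udp dport 123 counter accept"
        #   It accepts unsolicited queries from anyone, which is
        #   only needed when serving time to other hosts.
        # Posted rule left out: "udp sport 123 counter accept"
        #   It accepts any UDP packet whose sender picked source
        #   port 123, regardless of the destination port, so it
        #   opens every local UDP service to such packets.
    }

    chain output {
        type filter hook output priority 0; policy accept;
        # policy accept already lets ntpd's queries to UDP 123 out;
        # the explicit port 123 rules in the posted output chain
        # change nothing except adding counters.
    }
}
```

After loading a ruleset like this, `ntpq -p` should still show the `reach` column climbing from 1 toward 377 as replies are accepted through the established rule.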