no ntp (123) port after installing Chrony
by raksasas from LinuxQuestions.org on (#5GSP7)
I wanted to setup a ntp server but I find that the ntp Port 123 is not open on the vm I setup. I wanted to setup an ntp server in hopes to point my systems to it for time but I am not having much luck with it. Any pointers on where to look would be helpful. Thanks.
Code:chronyadmin@ChronyHA1:~$ sudo apt search chrony
Sorting... Done
Full Text Search... Done
chrony/stable,now 3.4-4+deb10u1 amd64 [installed]
Versatile implementation of the Network Time ProtocolIt is a Debian 10 system. Once I ssh'ed into the system I installed Chrony with "sudo apt install chrony". I have even check that the server is up and running with "sudo systemctl status chronyd". I edited the "/etc/chrony/chrony.conf" file to add some different ntp pools followed by a "sudo systemctl restart chornyd"
Code:chronyadmin@ChronyHA1:~$ sudo systemctl status chronyd
chrony.service - chrony, an NTP client/server
Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2021-04-19 13:19:36 CDT; 14s ago
Docs: man:chronyd(8)
man:chronyc(1)
man:chrony.conf(5)
Process: 24683 ExecStart=/usr/sbin/chronyd $DAEMON_OPTS (code=exited, status=0/SUCCESS)
Process: 24687 ExecStartPost=/usr/lib/chrony/chrony-helper update-daemon (code=exited, status
Main PID: 24685 (chronyd)
Tasks: 2 (limit: 2356)
Memory: 1008.0K
CGroup: /system.slice/chrony.service
24685 /usr/sbin/chronyd -F -1
24686 /usr/sbin/chronyd -F -1
Apr 19 13:19:36 ChronyHA1 systemd[1]: Starting chrony, an NTP client/server...
Apr 19 13:19:36 ChronyHA1 chronyd[24685]: chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK
Apr 19 13:19:36 ChronyHA1 chronyd[24685]: Frequency -0.584 +/- 0.701 ppm read from /var/lib/chr
Apr 19 13:19:36 ChronyHA1 chronyd[24685]: Loaded seccomp filter
Apr 19 13:19:36 ChronyHA1 systemd[1]: Started chrony, an NTP client/server.
Apr 19 13:19:41 ChronyHA1 chronyd[24685]: Selected source 128.194.254.9
Apr 19 13:19:43 ChronyHA1 chronyd[24685]: Selected source 52.45.108.175At this point I tried to point my pfSense router to this Chrony NTP server but it does not seem to update/correct it's time which is a couple minutes off. After a couple of hours trying I found and decided to check to even see if the ntp port was open from a diffrent machine. A nmap scan shows that port is down on the chrony machine.
Code:raksasas@T560:~$ nmap -p 123 192.168.101.71
Starting Nmap 7.70 ( https://nmap.org ) at 2021-04-19 06:54 CDT
Nmap scan report for 192.168.101.71
Host is up (0.00066s latency).
PORT STATE SERVICE
123/tcp closed ntp
Nmap done: 1 IP address (1 host up) scanned in 0.10 secondsI have attempted to open the port up by using "iptables" by using the following site but it didn't open the port: https://ixnfo.com/en/iptables-rules-...-and-sntp.html
Code:To open access to the NTP client and NTP server in IPTables, you need to add rules:
sudo iptables -A OUTPUT -p udp -m udp -m multiport --dports 123 -m state --state NEW -j ACCEPT
sudo iptables -A INPUT -m state --state NEW -p udp --dport 123 -j ACCEPTI did another nmap scan and it is still closed.
Code:chronyadmin@ChronyHA1:~$ sudo apt search chrony
Sorting... Done
Full Text Search... Done
chrony/stable,now 3.4-4+deb10u1 amd64 [installed]
Versatile implementation of the Network Time ProtocolIt is a Debian 10 system. Once I ssh'ed into the system I installed Chrony with "sudo apt install chrony". I have even check that the server is up and running with "sudo systemctl status chronyd". I edited the "/etc/chrony/chrony.conf" file to add some different ntp pools followed by a "sudo systemctl restart chornyd"
Code:chronyadmin@ChronyHA1:~$ sudo systemctl status chronyd
chrony.service - chrony, an NTP client/server
Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2021-04-19 13:19:36 CDT; 14s ago
Docs: man:chronyd(8)
man:chronyc(1)
man:chrony.conf(5)
Process: 24683 ExecStart=/usr/sbin/chronyd $DAEMON_OPTS (code=exited, status=0/SUCCESS)
Process: 24687 ExecStartPost=/usr/lib/chrony/chrony-helper update-daemon (code=exited, status
Main PID: 24685 (chronyd)
Tasks: 2 (limit: 2356)
Memory: 1008.0K
CGroup: /system.slice/chrony.service
24685 /usr/sbin/chronyd -F -1
24686 /usr/sbin/chronyd -F -1
Apr 19 13:19:36 ChronyHA1 systemd[1]: Starting chrony, an NTP client/server...
Apr 19 13:19:36 ChronyHA1 chronyd[24685]: chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK
Apr 19 13:19:36 ChronyHA1 chronyd[24685]: Frequency -0.584 +/- 0.701 ppm read from /var/lib/chr
Apr 19 13:19:36 ChronyHA1 chronyd[24685]: Loaded seccomp filter
Apr 19 13:19:36 ChronyHA1 systemd[1]: Started chrony, an NTP client/server.
Apr 19 13:19:41 ChronyHA1 chronyd[24685]: Selected source 128.194.254.9
Apr 19 13:19:43 ChronyHA1 chronyd[24685]: Selected source 52.45.108.175At this point I tried to point my pfSense router to this Chrony NTP server but it does not seem to update/correct it's time which is a couple minutes off. After a couple of hours trying I found and decided to check to even see if the ntp port was open from a diffrent machine. A nmap scan shows that port is down on the chrony machine.
Code:raksasas@T560:~$ nmap -p 123 192.168.101.71
Starting Nmap 7.70 ( https://nmap.org ) at 2021-04-19 06:54 CDT
Nmap scan report for 192.168.101.71
Host is up (0.00066s latency).
PORT STATE SERVICE
123/tcp closed ntp
Nmap done: 1 IP address (1 host up) scanned in 0.10 secondsI have attempted to open the port up by using "iptables" by using the following site but it didn't open the port: https://ixnfo.com/en/iptables-rules-...-and-sntp.html
Code:To open access to the NTP client and NTP server in IPTables, you need to add rules:
sudo iptables -A OUTPUT -p udp -m udp -m multiport --dports 123 -m state --state NEW -j ACCEPT
sudo iptables -A INPUT -m state --state NEW -p udp --dport 123 -j ACCEPTI did another nmap scan and it is still closed.