Package: ntp
Version: 4.2.2.p4+dfsg-2
Severity: serious

On a dedicated 86 Linux router launching an ntp server with IP alias interfaces, I would like to run ntpd so that it listens for ntp traffic only on a single virtual interface. (That seems to be the definition of the -L option.)

My config is ...

-> uname -a
Linux obiwan 2.6.23.jml-054 #1 SMP PREEMPT Thu Oct 11 22:32:06 CEST 2007 i686 GNU/Linux

-> dpkg -l |grep libc6
ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries

-> ip addr ls dev eth0
3: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1480 qdisc pfifo_fast qlen 1000
    link/ether 52:54:00:eb:e8:16 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.10/22 brd 192.168.1.255 scope global eth0
    inet 192.168.2.4/32 scope global eth0:srvscanner
    inet 192.168.2.9/32 scope global eth0:srv-ntp-2
    inet 192.168.2.17/32 scope global eth0:srvdns-2
    inet 192.168.2.19/32 scope global eth0:srvsmtp-1
    inet 192.168.2.20/32 scope global eth0:srvmail-3
    inet 192.168.2.22/32 scope global eth0:srvwins-1
    inet6 fe80::5054:ff:feeb:e816/64 scope link
       valid_lft forever preferred_lft forever

...

I would like ntpd to listen only on eth0:srv-ntp-2, so when running the command...

sudo /usr/sbin/ntpd -p /var/run/ntpd.pid -u 104:113 -g -A -i /tmp -L eth0:srv-ntp-2

then in the syslog-ng output, I have....

Nov 1 07:27:32 [EMAIL PROTECTED]/obiwan ntpd[11740]: ntpd [EMAIL PROTECTED] Sun Mar 4 13:21:35 UTC 2007 (1)
Nov 1 07:27:32 [EMAIL PROTECTED]/obiwan ntpd[11742]: precision = 3.000 usec
Nov 1 07:27:32 [EMAIL PROTECTED]/obiwan ntpd[11742]: Listening on interface wildcard, 0.0.0.0#123 Disabled
Nov 1 07:27:32 [EMAIL PROTECTED]/obiwan ntpd[11742]: Listening on interface wildcard, ::#123 Disabled
Nov 1 07:27:32 [EMAIL PROTECTED]/obiwan ntpd[11742]: Listening on interface eth0, fe80::5054:ff:feeb:e816#123 Disabled
Nov 1 07:27:32 [EMAIL PROTECTED]/obiwan ntpd[11742]: Listening on interface lo, ::1#123 Disabled
Nov 1 07:27:32 [EMAIL PROTECTED]/obiwan ntpd[11742]: Listening on interface eth1, fe80::210:83ff:fe01:3bb8#123 Disabled
Nov 1 07:27:32 [EMAIL PROTECTED]/obiwan ntpd[11742]: Listening on interface lo, 127.0.0.1#123 Enabled
Nov 1 07:27:32 [EMAIL PROTECTED]/obiwan ntpd[11742]: Listening on interface eth1, 192.168.13.254#123 Disabled
Nov 1 07:27:32 [EMAIL PROTECTED]/obiwan ntpd[11742]: Listening on interface eth1:vpn-wifi-2, 192.168.13.253#123 Disabled
Nov 1 07:27:32 [EMAIL PROTECTED]/obiwan ntpd[11742]: Listening on interface eth0, 192.168.1.10#123 Disabled
Nov 1 07:27:32 [EMAIL PROTECTED]/obiwan ntpd[11742]: Listening on interface eth0:srvscanner, 192.168.2.4#123 Disabled
Nov 1 07:27:32 [EMAIL PROTECTED]/obiwan ntpd[11742]: Listening on interface eth0:srv-ntp-2, 192.168.2.9#123 Enabled
Nov 1 07:27:32 [EMAIL PROTECTED]/obiwan ntpd[11742]: Listening on interface eth0:srvdns-2, 192.168.2.17#123 Disabled
Nov 1 07:27:32 [EMAIL PROTECTED]/obiwan ntpd[11742]: Listening on interface eth0:srvsmtp-1, 192.168.2.19#123 Disabled
Nov 1 07:27:32 [EMAIL PROTECTED]/obiwan ntpd[11742]: Listening on interface eth0:srvmail-3, 192.168.2.20#123 Disabled
Nov 1 07:27:32 [EMAIL PROTECTED]/obiwan ntpd[11742]: Listening on interface eth0:srvwins-1, 192.168.2.22#123 Disabled
Nov 1 07:27:32 [EMAIL PROTECTED]/obiwan ntpd[11742]: kernel time sync status 0040

It seems that ntp listens only on 192.168.2.9, because it is an alias interface as specified on the command line, but....

The problem is about the netstat command. It seems all sockets are still open.

-> netstat -a |grep ntp
udp    0   0 srvwins-1.belinda:ntp     *:*
udp    0   0 srvmail-3.belinda:ntp     *:*
udp    0   0 srvsmtp-1.belinda:ntp     *:*
udp    0   0 srvdns-2.belinda:ntp      *:*
udp    0   0 srv-ntp-2.belinda:ntp     *:*
udp    0   0 srvscanner.belinda:ntp    *:*
udp    0   0 obiwan.belinda:ntp        *:*
udp    0   0 192.168.13.253:ntp        *:*
udp    0   0 obiwan-eth1.belinda:ntp   *:*
udp    0   0 localhost:ntp             *:*
udp    0   0 *:ntp                     *:*
udp6   0   0 fe80::210:83ff:fe01:ntp   *:*
udp6   0   0 ip6-localhost:ntp         *:*
udp6   0   0 fe80::5054:ff:feeb::ntp   *:*
udp6   0   0 *:ntp                     *:*

Are you sure all sockets marked as 'Disabled' in syslog are closed?

Best regards
--
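
A check for the mismatch reported above, as an added example that is not part of the original report: it compares ntpd's "Listening on interface ... Enabled/Disabled" log lines with the UDP sockets that are actually bound. The log lines are a subset of those in the report with the syslog prefix trimmed; the numeric `netstat -anu` sample is constructed, and the function names are hypothetical.

```python
import re

# ntpd startup lines from the report above (syslog prefix trimmed).
SYSLOG = """\
Listening on interface wildcard, 0.0.0.0#123 Disabled
Listening on interface lo, 127.0.0.1#123 Enabled
Listening on interface eth0, 192.168.1.10#123 Disabled
Listening on interface eth0:srv-ntp-2, 192.168.2.9#123 Enabled
Listening on interface eth0:srvdns-2, 192.168.2.17#123 Disabled
"""

# Constructed sample of numeric `netstat -anu` output (not from the report).
NETSTAT = """\
udp        0      0 192.168.2.17:123        0.0.0.0:*
udp        0      0 192.168.2.9:123         0.0.0.0:*
udp        0      0 192.168.1.10:123        0.0.0.0:*
udp        0      0 127.0.0.1:123           0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

LISTEN_RE = re.compile(
    r"Listening on interface (\S+), (\S+)#(\d+) (Enabled|Disabled)")
# Local address column; the last ':' separates address and port (IPv6-safe).
SOCK_RE = re.compile(r"^udp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s", re.M)

def ntpd_states(log):
    """Map (address, port) -> (interface, state) from ntpd's startup lines."""
    return {(a, int(p)): (i, s) for i, a, p, s in LISTEN_RE.findall(log)}

def bound_udp(netstat_out):
    """Set of (address, port) local UDP endpoints from numeric netstat output."""
    return {(a, int(p)) for a, p in SOCK_RE.findall(netstat_out)}

def disabled_but_bound(log, netstat_out):
    """Endpoints ntpd logged as Disabled that still have a bound socket."""
    bound = bound_udp(netstat_out)
    return sorted((iface, addr, port)
                  for (addr, port), (iface, state) in ntpd_states(log).items()
                  if state == "Disabled" and (addr, port) in bound)

if __name__ == "__main__":
    for iface, addr, port in disabled_but_bound(SYSLOG, NETSTAT):
        print(f"{iface}: {addr}:{port} logged Disabled but socket is bound")
```

The check only reports that a socket exists for an address logged as Disabled; it does not show whether ntpd answers packets arriving on it.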