From your email on Sep 8th:

> chronyc sources
> 210 Number of sources = 4
> MS Name/IP address         Stratum Poll Reach LastRx Last sample
> ===============================================================================
> ^? host3.nuagelibre.org          0   8     0   10y     +0ns[   +0ns] +/-    0ns
> ^? tomia.ordimatic.net           0   8     0   10y     +0ns[   +0ns] +/-    0ns
> ^? ntp.tuxfamily.net             0   8     0   10y     +0ns[   +0ns] +/-    0ns
> ^? ns346276.ip-94-23-32.eu       0   8     0   10y     +0ns[   +0ns] +/-    0ns


Which indicates Chrony is working, but is not getting a response from the time 
pool. You mentioned that the firewall team told you that port 123 is open, but 
this is not enough (in fact may be unnecessary). Chrony uses an unprivileged port 
(> 1024) to connect to port 123 on the NTP pool server. What needs to happen 
is the firewall needs to track this connection and allow a UDP packet back from 
the source port 123 to your server, to the unprivileged port chrony used to 
send the request out.

This requires a stateful firewall or one that tracks the connection. In the 
case of Cisco routers they can use the ip inspect command, but it depends on the 
firewall they are using as to how they would accomplish this.


> On Sep 13, 2015, at 4:57 AM, Patrick Dupre <pdu...@gmx.com> wrote:
> 
> Hello,
> 
> Following the previous email exchange, what is the next step?
> Is the issue clearly identified?
> Do I need to run more tests?
> 
> Thanks.
> 
> ===========================================================================
> Patrick DUPRÉ                                 | | email: pdu...@gmx.com
> Laboratoire de Physico-Chimie de l'Atmosphère | |
> Université du Littoral-Côte d'Opale           | |
> Tel.  (33)-(0)3 28 23 76 12                   | | Fax: 03 28 65 82 44
> 189A, avenue Maurice Schumann                 | | 59140 Dunkerque, France
> ===========================================================================
> -- 
> users mailing list
> users@lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org

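An added example, not part of the email thread: a small probe for the path described in the reply, sending one SNTP request from an ephemeral UDP port and reporting whether the answer from the server's port makes it back. The names `probe_ntp` and `loopback_responder` are hypothetical, and the responder is a constructed stand-in for a pool server so the block runs offline.

```python
import socket
import threading

def probe_ntp(server, port=123, timeout=3.0):
    """Send one SNTP client request and report whether a reply came back."""
    request = b"\x23" + bytes(47)  # LI=0, VN=4, Mode=3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() lets the kernel pick an ephemeral source port and makes
        # recv() accept datagrams only from server:port.
        s.connect((server, port))
        result = {"local_port": s.getsockname()[1], "reply": False}
        s.send(request)
        try:
            data = s.recv(512)
        except OSError as exc:  # timeout, or ICMP port unreachable
            result["error"] = type(exc).__name__
            return result
    if len(data) < 48 or data[0] & 0x07 != 4:  # Mode 4 = server
        result["error"] = "not an NTP server reply"
        return result
    result.update(reply=True, stratum=data[1])
    return result

def loopback_responder(answer=True):
    """Constructed stand-in for a pool server; returns the port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(5)
    listen_port = srv.getsockname()[1]
    def serve():
        try:
            _, peer = srv.recvfrom(512)
            if answer:  # answer=False models a reply that never arrives
                srv.sendto(b"\x24\x02" + bytes(46), peer)  # Mode 4, stratum 2
        except OSError:
            pass
        finally:
            srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return listen_port

if __name__ == "__main__":
    print("reply allowed:", probe_ntp("127.0.0.1", loopback_responder(), 1.0))
    print("reply dropped:", probe_ntp("127.0.0.1", loopback_responder(False), 1.0))
```

Run from the affected host as `probe_ntp("<pool server>")`, a timeout while the same call succeeds from outside the firewall matches the `Reach 0` rows in the `chronyc sources` output above.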