Use with two interfaces
Karl Schmidt
karl at lrak.net
Fri Jun 30 19:30:44 UTC 2023
Thanks - restrict 192.168.0/22 fixed it -- miscalculated the submask..
From the stock config:
tos maxclock 11
tos minclock 4 minsane 3
Working now - but to clean this up
The other settings are now just cruft?
broadcast ?
broadcastclient ?
ntpsigndsocket ?
restrict default mssntp ?
On 6/30/23 01:21PM, James Browning via users wrote:
> On Jun 30, 2023 02:01, Karl Schmidt via users <users at ntpsec.org> wrote:
>
> I have a server that provides time to a network 192.168.1.0 - I have a second network on a physically separate NIC of
> 192.168.2.0. Thus the server has two IP addresses.
>
> My config works for the one NIC but not the other?
>
>
>
>
> I'm not finding the docs for the configuration of the server - but I have added this to the bottom of the stock Debian
> config:
> ----------------------%<---------------------------------------------
> # Local users may interrogate the ntp server more closely.
> restrict 127.0.0.1
> restrict 192.168.1.0/23
> restrict ::1
>
> # Needed for adding pool entries
> restrict source notrap nomodify noquery
>
> # Clients from this (example!) subnet have unlimited access, but only if
> # cryptographically authenticated.
> #restrict 192.168.123.0 mask 255.255.255.0 notrust
>
>
> # If you want to provide time to your local subnet, change the next line.
> # (Again, the address is an example only.)
> broadcast 192.168.1.0/23
>
>
> # If you want to listen to time broadcasts on your local subnet, de-comment the
> # next lines. Please do this only if you trust everybody on the network!
> disable auth
> broadcastclient
>
> ntpsigndsocket /run/samba/ntp_signd
>
> restrict default mssntp
>
> -----------------------------------------------------------------------
>
>
> I think the restrict line should be
> restrict 192.168.0/22
>
> I don't see any time servers, 'tos orphan', or wrangling of minclock/minsane.
>
> The lack of a clear goal and logs are not particularly helpful.
>
>
> _______________________________________________
> users mailing list
> users at ntpsec.org
> https://lists.ntpsec.org/mailman/listinfo/users
--
--------------------------------------------------------------------------------
Karl Schmidt EMail karl at lrak.net
3209 West 9th Street Ph (785) 841-3089
Lawrence, KS 66049
The point of modern propaganda isn't only to misinform or push an agenda.
It is to exhaust your critical thinking, to annihilate truth.
- Gary Kasparov
--------------------------------------------------------------------------------
More information about the users
mailing list