Use with two interfaces

Karl Schmidt karl at lrak.net
Fri Jun 30 19:30:44 UTC 2023


Thanks - restrict 192.168.0/22 fixed it -- miscalculated the submask.

From the stock config:

tos maxclock 11
tos minclock 4 minsane 3


Working now - but to clean this up

The other settings are now just cruft?

broadcast ?

broadcastclient ?

ntpsigndsocket ?

restrict default mssntp ?




On 6/30/23 01:21PM, James Browning via users wrote:
> On Jun 30, 2023 02:01, Karl Schmidt via users <users at ntpsec.org> wrote:
> 
>     I have a server that provides time to a network 192.168.1.0 - I have a second network on a physically separate NIC of
>     192.168.2.0.  Thus the server has two IP addresses.
> 
>     My config works for the one NIC but not the other?
> 
> 
> 
> 
>     I'm not finding the docs for the configuration of the server - but I have added this to the bottom of the stock Debian
>     config:
>     ----------------------%<---------------------------------------------
>     # Local users may interrogate the ntp server more closely.
>     restrict 127.0.0.1
>     restrict 192.168.1.0/23
>     restrict ::1
> 
>     # Needed for adding pool entries
>     restrict source notrap nomodify noquery
> 
>     # Clients from this (example!) subnet have unlimited access, but only if
>     # cryptographically authenticated.
>     #restrict 192.168.123.0 mask 255.255.255.0 notrust
> 
> 
>     # If you want to provide time to your local subnet, change the next line.
>     # (Again, the address is an example only.)
>     broadcast 192.168.1.0/23
> 
> 
>     # If you want to listen to time broadcasts on your local subnet, de-comment the
>     # next lines.  Please do this only if you trust everybody on the network!
>     disable auth
>     broadcastclient
> 
>     ntpsigndsocket /run/samba/ntp_signd
> 
>     restrict default mssntp
> 
>     -----------------------------------------------------------------------
> 
> 
> I think the restrict line should be
> restrict 192.168.0/22
> 
> I don't see any time servers, 'tos orphan', or wrangling of minclock/minsane.
> 
> The lack of a clear goal and logs are not particularly helpful.
> 
> 

-- 
--------------------------------------------------------------------------------
Karl Schmidt                                  EMail karl at lrak.net
3209 West 9th Street                          Ph (785) 841-3089
Lawrence, KS 66049

The point of modern propaganda isn't only to misinform or push an agenda.
It is to exhaust your critical thinking, to annihilate truth.
- Gary Kasparov
--------------------------------------------------------------------------------
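
The subnet arithmetic behind the fix in this thread, as an added example that is not part of the original messages or of NTPsec: it parses the address-based `restrict` lines quoted above and reports which of them actually contain each client network. The /24 client networks, the zero-padding of the shorthand `192.168.0/22`, and the helper names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: restrict lines quoted in the thread, plus the suggested fix.
SAMPLE_CONF = """\
restrict 127.0.0.1
restrict 192.168.1.0/23
restrict ::1
restrict source notrap nomodify noquery
#restrict 192.168.123.0 mask 255.255.255.0 notrust
restrict 192.168.0/22
restrict default mssntp
"""

def expand(addr):
    """Assumption: omitted trailing IPv4 octets are zero (192.168.0 -> 192.168.0.0)."""
    if ":" in addr:
        return addr
    parts = addr.split(".")
    return ".".join(parts + ["0"] * (4 - len(parts)))

def restrict_networks(conf):
    """Yield (text, network, host_bits_set) for each address-based restrict line."""
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(tok) < 2 or tok[0] != "restrict" or tok[1] in ("default", "source"):
            continue
        addr, _, prefix = tok[1].partition("/")
        if not prefix and len(tok) > 3 and tok[2] == "mask":
            prefix = tok[3]  # "restrict ADDR mask NETMASK" form
        spec = expand(addr) + ("/" + prefix if prefix else "")
        net = ipaddress.ip_network(spec, strict=False)
        host_bits = ipaddress.ip_interface(spec).ip != net.network_address
        yield tok[1], net, host_bits

def coverage(conf, client_nets):
    """Map each client network to the restrict entries that fully contain it."""
    result = {}
    for c in map(ipaddress.ip_network, client_nets):
        result[str(c)] = [text for text, net, _ in restrict_networks(conf)
                          if net.version == c.version and c.subnet_of(net)]
    return result

if __name__ == "__main__":
    for text, net, host_bits in restrict_networks(SAMPLE_CONF):
        note = "  (host bits set, actual network shown)" if host_bits else ""
        print(f"{text:18} -> {net}{note}")
    print(coverage(SAMPLE_CONF, ["192.168.1.0/24", "192.168.2.0/24"]))
```

`192.168.1.0/23` has host bits set and normalizes to `192.168.0.0/23`, which ends at 192.168.1.255 and so never matches the second NIC's network; `192.168.0/22` spans 192.168.0.0 through 192.168.3.255 and contains both.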

