Re: [chrony-users] Run chrony without acting as a NTP server |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-users Archives
]
On Wed, 8 Jan 2014, wilhelm schuster wrote:
Hi,
I only recently switched from openntpd to chrony because it failed to set
the clock correctly on my system and isn't maintained anymore for linux. I
want to run chrony just as an "client" to sync the clock on the computer
it's running on.
My problem is, that in my default configuration, chronyd starts listening
on the wildcard addresse *:123/:::123 (NTP) and *:323/:::323 (chronyc). I
think that it's unnecessary to have these ports open, since I don't have
any ntp-client that may connect to chrony.
Is it possible to stop chrony from listening on any network interface?
Why does it matter? Anyway, look at the
deny
command.
deny all
should stop any outside system from being able to access chrony.
Note that 123 IS the ntp/chrony access port and nothing else should ever use
that. And remember that all that means is that if a message comes into that
port, chrony is the program that is listening on that port. An open port does
not mean anything except to tell the system "If some packet has that port
address, send it to chrony for taking care of it." By "deny all" you tell
chrony to ignore anything that comes in.
I coulnd't find a direct answer to the above question and than thought,
that I can at least stop chrony from listening on public interfaces and
added the following line to the configuration file:
It does not listen. Your system listens and directs stuff coming in to that
port to chrony. But your computer ALWAYS listens to all ports.
bindaddress 127.0.0.1
bindaddress ::1
That way I had chrony listening only on localhost. But since that change
weird messages appeared in the logs:
...
Could not send to 62.113.250.37:123 : Invalid argument
Could not send to 83.170.1.42:123 : Invalid argument
Could not send to 198.199.111.124:123 : Invalid argument
Remember that chrony HAS to be able to receive packets coming in to responses
it sends out. You cannot have chrony never listening to anything.
...
After some investigation I found out that these messages stopped after I
removed the "bindaddress"-clauses from the configuration file. I think that
these IP-addresses are NTP-servers that chrony tries to connect to and
probably fails. The reason for that seems to be, that it is running on
Yes. it had better get its time from somewhere.
localhost. I'm not 100% sure that that is the cases, since I couldn't find
Look in /etc/chrony.conf to see what the servers are it is trying to contact.
anyone having a similar problem. Besides that, if it's true, I think that
"Invalid argument" is a bit misleading.
If I can't have chrony to stop listening on an interface, can I at least
have it to listen on localhost and just connect to public NTP servers on a
public network interface to sync the time?
Sincerely, Wilhelm Schuster.
--
William G. Unruh | Canadian Institute for| Tel: +1(604)822-3273
Physics&Astronomy | Advanced Research | Fax: +1(604)822-5324
UBC, Vancouver,BC | Program in Cosmology | unruh@xxxxxxxxxxxxxx
Canada V6T 1Z1 | and Gravity | www.theory.physics.ubc.ca/
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.