Difference between revisions of "Bering-uClibc 4.x - User Guide - Basic Configuration - Setup a small timeserver"


Latest revision as of 21:02, 24 December 2011

Basic Configuration - Setup a small timeserver

Objective

It is important for routers and firewalls to have the exact time. This matters from reviewing your log files right through to applications that won't even start properly without the correct time (e.g. openvpn).

These instructions explain how to make sure you have the exact time (UTC) on your router and, optionally, how to let it act as a timeserver for the local net. By default we use the busybox applet ntpd to achieve that goal, though you can replace it with a package providing the full-fledged ntp from ntp.org (ntp.lrp).

The ntpd applet is part of the core and already installed after you boot your router. If enabled (see below), it sets the time with the information provided by two upstream servers and listens on all ports to serve clients in your LAN with the correct time.

Installation

The binary ntpd is part of the default distribution and already installed. To make use of ntpd you have to make sure that the package bbntpd.lrp is loaded (through leaf.cfg). bbntpd.lrp provides the init script that starts ntpd, and the configuration file.

Configuring ntpd

/etc/default/ntpd is the only configuration file you need to touch. In it you can add more upstream servers, enable or disable ntpd as timeserver for your LAN, or prevent the ntpd applet from running at all. The latter is important if you want to use the full-fledged ntp.lrp package.

To enable ntpd change

NTPDRUN="no"

to

NTPDRUN="yes"

With NTPDOPTS you can change the way ntpd works.

The option "-l" makes ntpd act as timeserver for your LAN. If you don't need that, just remove "-l" from NTPDOPTS.

To get the exact time, you have to synchronize with peers from a group of so-called stratum 2 timeservers. A good place to start is the pool at pool.ntp.org (see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers). The default settings call at least two peers from the pool. Each peer is added with the "-p" option followed by a numbered host from pool.ntp.org (e.g. 0.pool.ntp.org, 1.pool.ntp.org). You can add as many peers as you want, though the default should work sufficiently.

Open your firewall for time services

ntpd needs open ports for ntp in two directions: from the firewall to the net, to sync your router with the peers on the net, and from your LAN clients to the timeserver on the router. The first one is open by default with recent versions of Bering-uClibc; to allow access from the LAN to the firewall/router you have to uncomment the corresponding entry in /etc/shorewall/rules.

# timeserver (allow syncing with time servers (default: pool.ntp.org))
NTP(ACCEPT)         fw       net
# timeserver (allow LAN clients to sync with the time service on this machine)
# NTP(ACCEPT)         loc    fw
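
The two files have to agree: "-l" in NTPDOPTS without the loc->fw rule leaves LAN clients blocked, and the rule without "-l" opens a port nothing answers on. The following check is an added example, not part of the original guide or the Bering-uClibc project; the function names and the sample NTPDOPTS value are assumptions, and the zone names fw, net and loc are taken from the rules excerpt above.

```shell
#!/bin/sh
# Added example: audit the NTP settings described on this page.
# Prints one finding per line; no output means the two files are consistent.

# An active rule is one whose line does not start with '#'.
rule_active() {  # usage: rule_active SRC_ZONE DST_ZONE RULES_FILE
    grep -Eq "^[[:space:]]*NTP\(ACCEPT\)[[:space:]]+$1[[:space:]]+$2([[:space:]]|\$)" "$3"
}

ntp_audit() {  # usage: ntp_audit DEFAULTS_FILE RULES_FILE
    # Parse instead of sourcing, so the audit never executes the file's content.
    run=$(sed -n 's/^NTPDRUN="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1)
    opts=$(sed -n 's/^NTPDOPTS="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1)
    peers=0 serve=no
    for tok in $opts; do
        case $tok in
            -p) peers=$((peers + 1)) ;;   # one upstream peer per -p
            -l) serve=yes ;;              # ntpd answers LAN clients
        esac
    done
    [ "$run" = yes ] || echo "DISABLED: NTPDRUN is not \"yes\", ntpd will not start"
    [ "$peers" -ge 2 ] || echo "PEERS: only $peers upstream peer(s) configured"
    rule_active fw net "$2" || echo "NO_UPSTREAM: fw->net NTP rule missing, router cannot reach its peers"
    if [ "$serve" = yes ] && ! rule_active loc fw "$2"; then
        echo "LAN_BLOCKED: -l is set but the loc->fw NTP rule is commented out"
    elif [ "$serve" = no ] && rule_active loc fw "$2"; then
        echo "LAN_OPEN_UNUSED: loc->fw NTP rule is active but ntpd runs without -l"
    fi
    return 0
}

# Constructed sample input: ntpd serves the LAN (-l) while the LAN rule is
# still commented out, as in the rules excerpt on this page.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'NTPDRUN="yes"' \
        'NTPDOPTS="-l -p 0.pool.ntp.org -p 1.pool.ntp.org"' > "$d/ntpd"
    printf '%s\n' 'NTP(ACCEPT)         fw       net' \
        '# NTP(ACCEPT)         loc    fw' > "$d/rules"
    ntp_audit "$d/ntpd" "$d/rules"
    rm -rf "$d"
}
demo
```

On the router itself, call ntp_audit /etc/default/ntpd /etc/shorewall/rules after editing either file.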

Further readings

For more information see:

ntp.org - the home of the Network Time Protocol project, with extensive documentation.

The NTP FAQ and HOWTO - "A first try on a non-technical Mini-HOWTO and FAQ on NTP"

