Bering-uClibc 4.x - User Guide - Basic Configuration - Setup a small timeserver
Objective
Routers and firewalls need an accurate clock. Correct timestamps matter when you review your log files, and some applications (e.g. openvpn) won't even start properly without the correct time.
These instructions explain how to make sure you have the exact time (UTC) on your router and, optionally, how to let it act as a timeserver for the local net. By default we use the busybox applet ntpd to achieve these goals, though you can replace it with a package providing the full-fledged ntp from ntp.org (ntp.lrp).
The ntpd applet is part of the core and already installed after you boot your router. If enabled (see below), it sets the time with the information provided by two upstream servers and listens on all ports to serve clients in your LAN with the correct time.
Installation
The binary ntpd is part of the default distribution and already installed.
To make use of ntpd you have to make sure that the package bbntpd.lrp is loaded (through leaf.cfg).
bbntpd.lrp provides the init script that starts ntpd, and the configuration file.
Configuring ntpd
/etc/default/ntpd is the only configuration file you need to touch. There you can add more upstream servers, enable or disable ntpd as timeserver for your LAN, or prevent the ntpd applet from running at all. The latter is important if you want to use the full-fledged ntp.lrp package.
To enable ntpd change
NTPDRUN="no"
to
NTPDRUN="yes"
With NTPDOPTS you can change the way ntpd works.
The option "-l" makes ntpd act as timeserver for your LAN. If you don't need that, just remove "-l" from NTPDOPTS.
To get the exact time, you have to synchronize with peers from a group of so-called stratum 2 timeservers. A good place to start is the pool at pool.ntp.org (see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers). The default settings call at least two peers from the pool. Each peer is added with the "-p" option followed by a numbered host from pool.ntp.org (e.g. 0.pool.ntp.org, 1.pool.ntp.org). You can add as many peers as you want, though the default should work sufficiently.
Open your firewall for time services
ntpd needs open ports for ntp from the firewall to the net, to sync your router with the peers on the net, and from the LAN to the firewall, to allow connections from your LAN clients to the timeserver on the router.
The first one is open by default with recent versions of Bering-uClibc. To allow access from the LAN to the firewall/router you have to uncomment the corresponding entry in /etc/shorewall/rules.
# timeserver (allow syncing with time servers (default: pool.ntp.org))
NTP(ACCEPT) fw net
# timeserver (allow LAN clients to sync with the time service on this machine)
# NTP(ACCEPT) loc fw
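The "-l" option and the loc-to-fw rule described above depend on each other, and a small script can check that they agree. This is an added example, not part of the Bering-uClibc distribution: the function names and sample files are made up for the illustration, it assumes /etc/default/ntpd holds plain NAME="value" assignments, and it only matches rules written with the bare zone names shown above.

```shell
#!/bin/sh
# Added example: cross-check ntpd settings against the Shorewall NTP rules.

# Value of NAME="..." in defaults file $1 (last uncommented assignment wins).
get_var() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Number of times option word $2 (e.g. -l or -p) occurs in NTPDOPTS of file $1.
count_opt() {
    n=0
    for w in $(get_var "$1" NTPDOPTS); do
        if [ "$w" = "$2" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Succeeds if an uncommented "NTP(ACCEPT) $2 $3" rule exists in rules file $1.
rule_active() {
    grep -Eq "^[[:space:]]*NTP\(ACCEPT\)[[:space:]]+$2[[:space:]]+$3([[:space:]]|\$)" "$1"
}

# Print one finding per line, or "OK". $1 = defaults file, $2 = rules file.
audit() {
    if [ "$(get_var "$1" NTPDRUN)" != "yes" ]; then
        echo "ntpd is disabled (NTPDRUN is not yes)"; return 0
    fi
    found=0
    if [ "$(count_opt "$1" -p)" -lt 2 ]; then
        echo "fewer than two upstream peers (-p) configured"; found=1
    fi
    if ! rule_active "$2" fw net; then
        echo "no active 'NTP(ACCEPT) fw net' rule: router cannot reach its peers"; found=1
    fi
    serving=$(count_opt "$1" -l)
    if [ "$serving" -gt 0 ] && ! rule_active "$2" loc fw; then
        echo "-l is set but 'NTP(ACCEPT) loc fw' is not active: LAN clients are blocked"; found=1
    fi
    if [ "$serving" -eq 0 ] && rule_active "$2" loc fw; then
        echo "'NTP(ACCEPT) loc fw' is active but -l is not set: rule opens an unused path"; found=1
    fi
    if [ "$found" -eq 0 ]; then echo "OK"; fi
}

# Constructed sample files, not taken from a real router.
d=$(mktemp -d)
printf '%s\n' 'NTPDRUN="yes"' 'NTPDOPTS="-l -p 0.pool.ntp.org -p 1.pool.ntp.org"' > "$d/ntpd"
printf '%s\n' 'NTP(ACCEPT) fw net' '# NTP(ACCEPT) loc fw' > "$d/rules"
audit "$d/ntpd" "$d/rules"
```

On a router, run the check as audit /etc/default/ntpd /etc/shorewall/rules.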
Further readings
For more information see:
ntp.org - the home of the Network Time Protocol project with an extensive documentation.
The NTP FAQ and HOWTO - "A first try on a non-technical Mini-HOWTO and FAQ on NTP"