Bering-uClibc 5.x - User Guide - Basic Configuration - Setup a small timeserver


Objective

Routers and firewalls need the exact time. It matters when you review your log files, and some applications (e.g. openvpn) won't even start properly without the correct time.

These instructions explain how to make sure you have the exact time (UTC) on your router and, optionally, how to let it act as a timeserver for the local net. By default we use the busybox applet ntpd to achieve these goals, though you can replace it with a package providing the full-fledged ntp from ntp.org (ntp.lrp).

The busybox ntpd applet is part of the core and is already installed after you boot your router. If enabled (see below), it sets the time from the information provided by two upstream servers and listens on all ports to serve clients in your LAN with the correct time.

Installation

The ntpd binary is part of the default distribution and already installed. To make use of ntpd you have to make sure that the package bbntpd.lrp is loaded (through leaf.cfg). bbntpd.lrp provides the configuration file and the init script that starts ntpd.

Configuring ntpd

/etc/default/ntpd is the only configuration file you need to touch. In it you can add more upstream servers, enable or disable ntpd as a timeserver for your LAN, or prevent the ntpd applet from running at all. The latter is important if you want to use the full-fledged ntp.lrp package.

To enable ntpd change

NTPDRUN="no"

to

NTPDRUN="yes"

With NTPDOPTS you can change the way ntpd works.

The option "-l" makes ntpd act as a timeserver for your LAN. If you don't need that, just remove "-l" from NTPDOPTS.

To get the exact time, you have to synchronize with peers from a group of so-called stratum 2 timeservers. A good place to start is the pool at pool.ntp.org (see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers). The default settings call at least two peers from the pool. Each peer is added with the "-p" option followed by a numbered server name from pool.ntp.org (e.g. 0.pool.ntp.org, 1.pool.ntp.org). You can add as many peers as you want, though the default should work sufficiently.

Open your firewall for time services

ntpd needs two openings in the firewall for ntp: one from the firewall to the net, so your router can sync with the peers on the net, and one from the LAN to the firewall, so your LAN clients can connect to the timeserver on the router. The first is open by default in recent versions of Bering-uClibc; to allow access from the LAN to the firewall/router you have to uncomment the corresponding entry in /etc/shorewall/rules.

# timeserver (allow syncing with time servers (default: pool.ntp.org))
NTP(ACCEPT)         fw       net
# timeserver (allow LAN clients to sync with the time service on this machine)
# NTP(ACCEPT)         loc    fw
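
The settings in /etc/default/ntpd and the Shorewall rules have to agree, and a small script can cross-check them. This is an added example, not part of the original guide or the Bering-uClibc project: the function names and sample file contents are constructed, and it assumes plain NAME="value" lines in the defaults file and the zone names fw, loc and net as in the rules shown above.

```sh
#!/bin/sh
# Added example (not from the Bering-uClibc project): cross-check the ntpd
# settings against the Shorewall rules. All function names are hypothetical.

get_var() {  # get_var NAME FILE: value of the last NAME="..." assignment
    sed -n "s/^[[:space:]]*$1=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

count_flag() {  # count_flag FLAG WORD...: how often FLAG occurs among the words
    flag=$1; n=0; shift
    for w in "$@"; do if [ "$w" = "$flag" ]; then n=$((n + 1)); fi; done
    echo "$n"
}

rule_active() {  # rule_active RULES SRC DST: is NTP(ACCEPT) SRC DST uncommented?
    awk -v s="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        $1 == "NTP(ACCEPT)" && $2 == s && $3 == d { found = 1 }
        END { exit !found }' "$1"
}

ntp_audit() {  # ntp_audit DEFAULTS RULES: print one finding per line, or OK
    run=$(get_var NTPDRUN "$1"); opts=$(get_var NTPDOPTS "$1"); bad=0
    warn() { echo "WARN: $*"; bad=1; }
    [ "$run" = "yes" ] || warn "ntpd is disabled (NTPDRUN=\"$run\")"
    # $opts is left unquoted on purpose so that it splits into words
    peers=$(count_flag -p $opts); serve=$(count_flag -l $opts)
    [ "$peers" -ge 2 ] || warn "only $peers upstream peer(s) configured"
    rule_active "$2" fw net || warn "no active fw->net rule: cannot reach peers"
    if [ "$serve" -gt 0 ]; then
        rule_active "$2" loc fw || warn "-l is set but loc->fw NTP is closed"
    elif rule_active "$2" loc fw; then
        warn "loc->fw NTP is open but ntpd runs without -l"
    fi
    [ "$bad" -eq 0 ] && echo "OK"
    return 0
}

# Constructed sample files: -l is set, but the loc->fw rule is still commented out
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'NTPDRUN="yes"' 'NTPDOPTS="-l -p 0.pool.ntp.org -p 1.pool.ntp.org"' > "$d/ntpd"
    printf '%s\n' 'NTP(ACCEPT)  fw  net' '# NTP(ACCEPT)  loc  fw' > "$d/rules"
    ntp_audit "$d/ntpd" "$d/rules"; rm -rf "$d"
}
demo
```

On the router itself the call would be `ntp_audit /etc/default/ntpd /etc/shorewall/rules`. The last check flags the opposite mismatch as well: a LAN-to-firewall NTP opening that nothing is serving.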

Further reading

For more information see:

ntp.org - the home of the Network Time Protocol project with an extensive documentation.

The NTP FAQ and HOWTO - "A first try on a non-technical Mini-HOWTO and FAQ on NTP"

