NTP Server configuration- not working?

[liukuohao]

Hi,

I run into a stumbling block here....does anyone know why I could not get NTP service to be working?

By default, FreeNAS has a 3 NTP servers already configure, namely....
0.freebsd.pool.ntp.org
1.freebsd.pool.ntp.org
2.freebsd.pool.ntp.org

I check the connection using PING command in windows command prompt.
The connection is fully established, there are responses- see the attached jpg
below.

But in FreeNAS web GUI, the response is- "Server could not be reached"
Why? Did I screw up any configuration to cause this happen?

Thank you.

 

[cyberjock]

What happens if you ping from the FreeNAS command line?

 

[liukuohao]

@cyberjock, thanks for the tip!

Silly me!!!, I did not configure the default getaway, so basically,
the packets does not know, how to travel from local network
to the outside world (WAN). Once the default getaway was given
an IP address of my firewall = 192.168.1.1 (my firewall is acting as a default getaway)
then the NTP service works!!!

 

[liukuohao]

;) Actually, the information is kind of reveal it itself to me
on page 89 of FreeNAS 8.3.1 User guide as to why
default gateway's IP address was configured by default installation.

See below:

NOTE: In many cases, a FreeNAS® configuration will deliberately exclude default gateway information as a way to make it more difficult for a remote attacker to communicate with the server. While this is a reasonable precaution, such a configuration does not restrict inbound traffic from sources within the local network. However, omitting a default gateway will prevent the FreeNAS® system from communicating with DNS servers, time servers, and mail servers that are located outside of the local network. In this case, it is recommended that Static Routes be added in order to reach external DNS, NTP, and mail servers which are configured with static IP addresses.

 

[Spearfoot]

I have a default gateway defined, but I still get the "Server could not be reached error" the OP describes here. I found this related bug report:

https://bugs.freenas.org/issues/2453#change-52821

And found out that the ntpq query described there fails both for my NTP server and the 3 default servers provided with FreeNAS, like this:

Code:

[root@boomer]# ntpq -c rv 1.freebsd.pool.ntp.org
1.freebsd.pool.ntp.org: timed out, nothing received
***Request timed out

(Note that I can successfully ping all of the NTP hosts in question.)

 

[rogerh]

I have a default gateway defined, but I still get the "Server could not be reached error" the OP describes here. I found this related bug report:

https://bugs.freenas.org/issues/2453#change-52821

And found out that the ntpq query described there fails both for my NTP server and the 3 default servers provided with FreeNAS, like this:

Code:

[root@boomer]# ntpq -c rv 1.freebsd.pool.ntp.org
1.freebsd.pool.ntp.org: timed out, nothing received
***Request timed out

(Note that I can successfully ping all of the NTP hosts in question.)

As I read that bug report, ntpq is no longer used, but has been replaced by ntpdate. Have you tried ntpdate, I am not sure of the syntax? In fact I thought ntpdate was deprecated, but maybe not in FreeBSD. And of course you can't use ntpdate while ntpd is running, as it is intended to be used before it starts. 'ntpq -c rv' works fine on my local ntp server, but it doesn't appear to set local time, just collect a load of data from the ntp server. You won't find many public ntp servers responding to ntpq nowadays as this enabled a packet amplification attack.

Edit: I note you can't contact your local ntp server either. This could be server configuration, but it could be the ntp port being blocked somewhere. You could stop ntpd and try ntpdate. Or you could try 'telnet <yourntpserver> 123'. If your ntp server is on the local subnet it seems likely a) it isn't configured to allow ntpq queries from any other hosts and b) WAN ntp traffic is being blocked somewhere. Telnet may elucidate this.

 

[Spearfoot]

Thanks for your reply. And I apologize for not being more clear about the actual problem.

As far as I can tell, NTP itself is working just fine, sourcing time updates from my local time server. It's the FreeNAS GUI that's not working correctly. It gives me the 'Server cannot be reached" error for every server I've tried, including the well-known ones like pool.ntp.org as well as the three defaults provided with FreeNAS (see screenshot below).

Nevertheless, if I force the GUI to add my time server to the pool (and set it as the preferred source), it works fine. Or at least that's what I think the ntpq command results below are telling me (my time server is at IP 192.168.1.10):

Code:

# ntpq -c rv
assID=0 status=0644 leap_none, sync_ntp, 4 events, event_peer/strat_chg,
version="ntpd 4.2.4p5-a (1)", processor="amd64",
system="FreeBSD/9.3-RELEASE-p16", leap=00, stratum=5, precision=-21,
rootdelay=51.203, rootdispersion=376.950, peer=14693,
refid=192.168.1.10,
reftime=d9581562.f997f265  Mon, Jul 20 2015 19:48:34.974, poll=7,
clock=d9581751.aaf1e1b4  Mon, Jul 20 2015 19:56:49.667, state=4,
offset=1.745, frequency=17.979, jitter=0.140, noise=0.231,
stability=0.008, tai=0

 

[rogerh]

Thanks for your reply. And I apologize for not being more clear about the actual problem.

As far as I can tell, NTP itself is working just fine, sourcing time updates from my local time server. It's the FreeNAS GUI that's not working correctly. It gives me the 'Server cannot be reached" error for every server I've tried, including the well-known ones like pool.ntp.org as well as the three defaults provided with FreeNAS (see screenshot below).
View attachment 8227

Nevertheless, if I force the GUI to add my time server to the pool (and set it as the preferred source), it works fine. Or at least that's what I think the ntpq command results below are telling me (my time server is at IP 192.168.1.10):

Code:

# ntpq -c rv
assID=0 status=0644 leap_none, sync_ntp, 4 events, event_peer/strat_chg,
version="ntpd 4.2.4p5-a (1)", processor="amd64",
system="FreeBSD/9.3-RELEASE-p16", leap=00, stratum=5, precision=-21,
rootdelay=51.203, rootdispersion=376.950, peer=14693,
refid=192.168.1.10,
reftime=d9581562.f997f265  Mon, Jul 20 2015 19:48:34.974, poll=7,
clock=d9581751.aaf1e1b4  Mon, Jul 20 2015 19:56:49.667, state=4,
offset=1.745, frequency=17.979, jitter=0.140, noise=0.231,
stability=0.008, tai=0

Well the GUI works ok here, with the latest 9.3 STABLE update. I don't think your problem is anything to do with the bug you mentioned above. It must be either a new bug or some sort of networking problem.

 

[Spearfoot]

@rogerh, I believe you are right! I can ping the time servers, and if I force them into the list, FreeNAS seems to connect to them just fine. I have no idea why the GUI sometimes gives me the error message.

So I'm beginning to think it's just an anomaly of my particular system. Will dig into this further, as time permits.