在 centos 6 伺服器中,ntpq -p 命令對我來說逾時。
# ntpq -pn
127.0.0.1: timed out, nothing received
***Request timed out
tcpdump 結果顯示它使用 eth0 而不是環回介面。
14:42:11.392517 IP 10.122.5.2.45969 > 127.0.0.1.ntp: NTPv2, Reserved, length 12
14:42:16.397594 IP 10.122.5.2.45969 > 127.0.0.1.ntp: NTPv2, Reserved, length 12
14:42:29.528535 IP 10.122.5.2.35338 > 127.0.0.1.ntp: NTPv2, Reserved, length 12
看起來好像網路配置有問題。但是哪裡?
我的 ntp.conf 內容。
# cat /etc/ntp.conf
tinker panic 0
driftfile /var/lib/ntp/drift
server x.x.x.x iburst
server x.x.x.x iburst
# By default, exchange time with everybody, but don't allow configuration.
# See /usr/share/doc/ntp-doc/html/accopt.html for details.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
keys /etc/ntp/keys
答案1
問題是由於 iptables nat 規則錯誤造成的。
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
將目標更改為目標 IP,ntp 開始工作。
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 0.0.0.0/0 x.x.x.x