Hi, I have setup Ipfire to automatically update the time settings each day from 0.ipfire.pool.ntp.org or 1.ipfire.pool.ntp.org and to act as the NTP time server to all green systems.
The local machines can all get the time from the firewall but it would seem that the firewall is not updating correctly and since the systems have different NTP update periods (that I have no control of) they are sometimes different causing “make” to complain.
I’ve encountered during last few days (thursday, friday) some NTP data issues (updating from NTP server caused wrong time on the Virtualizer, OS, or appliance), using NTP servers in Europe, and only on a couple of system
Maybe it’s unrelated…
you may want to add your NTP configuration (menu Services > Time Server) and your NTP messages (menu Logs > System Logs >> Section NTP) to this thread to help debug.
All done as above but Ipfire is still not a true NTP client. (it is a Simple NTP client - SNTP)
Once an hour (the shortest interval allowed) my firewall does a hard time synch to the chosen upstream server and then proceeds to drift off frequency for an hour until the next update.
A true NTP client will want to see multiple upstream servers and then will start off synching to them at 64 second intervals and as the internal clock adjusts itself, will slow to about every 17 minutes.
Hmm. I had similar problem after installation. I added manually some time servers into /etc/ntp.conf, and restarted ntpd. Now ntpq -p -n gives reasonable output. Maybe this could be documented on the Services → NTP Configuration page?
Hi Juha - Thank you for your post. Please take a moment to update and improve the NTP IPFire Wiki page. It is open to you (and everyone else) to improve and make better. You would login using the same ID and password as this Community.
If you have issues or questions, feel free to post a question. I’d be happy to help!
Well… What I would really want, is that the Services → Time Server cgi-script would install those Primary and Secondary NTP servers into /etc/ntp.conf. This is also what I think users expect. If this were done, there would be no need for manual editing. And we could get rid of the Synchronization dialog, because synchronization is just what real NTP is for .
For the purpose of verification, it would be useful to let ntpd produce statistics. It takes a few more lines in /etc/ntp.conf. Here is a nice picture of how it works after I made these changes i my system:
I think I am correct but if someone knows better I am all ears.
Works perfectly.
You may need to restart all hosts behind the firewall to pick up setting as they will all be syncing with their local clock. As far as I can see NTP is not working on IPFire and never has. THink I had to make the same changes to my IPCop install as well!