NTP Server is very useful If you have lots of server and desktop system. Your NTP server contacts a central NTP server, provided by your ISP or a public time server located at ntp.org, to obtain accurate time data. The server then allows other machines on your network to request the time data. The server then allows other machines on your network to request the time data.

Consider the following sample setup:

192.168.10.50           ==> CentOS / Fedora / RHEL NTPD Server.

202.54.1.500            ==> ISP remote NTP server.

192.168.10.0/24      ==> NTP clients including desktop systems.

First, install and enable ntpd on 192.168.10.50:
[root@server~]# yum install ntp
[root@server~]# chkconfig ntpd on

Now open /etc/ntp.conf:
[root@server~]# vim /etc/ntp.conf

Make sure the following line exits:
restrict default ignore

Above will deny all access to any machine, server or client. However, you need to specifically authorized policy settings. Set it as follows:

restrict 202.54.1.50 mask 255.255.255.245 nomodify notrap noquery

server 202.54.1.50

Replace 202.54.1.50 and mask with actual remote ISP or ntp.org NTP server IP.

Save and close the file.

Configure NTP clients to access your NTP Server

Now, you need to allow legitimate NTP clients to access the Server. For example, allow 192.168.10.0/24 network to synchronize to this server located at 192.168.10.50. Open /etc/ntp.conf and add policy as follows:

# Hosts on local network are less restricted.

restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap

Update your firewall settings, open /etc/sysconfig/iptables.
[root@server~]# vim  /etc/sysconfig/iptables
Add the following line, before the final LOG and DROP lines for the RH-Firewall-1-INPUT chain:

-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state –state NEW -p udp –dport 123 -j ACCEPT

Save and close the file. Finally, start ntpd:
[root@server~]# service ntpd start
[root@server~]# service iptables restart
[root@server~]# netstat -tulpn

Posted in: Linux.
Last Modified: January 12, 2017

Leave a reply