I have just converted my firewalls to ClearOS 7.x from 6.x

Was having very poor time sync with ntp. No sooner had the ntp sync been established and become stable than the sync with the server would restart all over again, and again, and again. Never saw that problem with 6.x - what is going on?

A peep at the ntp log revealed all... an example

... snipped
13 Mar 02:38:28 ntpd[2265]: 216.239.35.12 interface 192.168.0.16 -> 192.168.4.16
13 Mar 02:43:28 ntpd[2265]: 216.239.35.12 interface 192.168.4.16 -> 192.168.0.16
13 Mar 02:43:28 ntpd[2265]: 150.101.217.196 interface 192.168.0.16 -> 192.168.4.16
13 Mar 02:48:28 ntpd[2265]: 150.101.217.196 interface 192.168.4.16 -> 192.168.0.16
13 Mar 03:03:28 ntpd[2265]: 150.101.217.196 interface 192.168.0.16 -> 192.168.4.16
13 Mar 03:08:28 ntpd[2265]: 150.101.217.196 interface 192.168.4.16 -> 192.168.0.16
13 Mar 03:33:28 ntpd[2265]: 150.101.217.196 interface 192.168.0.16 -> 192.168.4.16
13 Mar 03:38:28 ntpd[2265]: 150.101.217.196 interface 192.168.4.16 -> 192.168.0.16
13 Mar 03:48:28 ntpd[2265]: 216.239.35.12 interface 192.168.0.16 -> 192.168.4.16
13 Mar 03:53:28 ntpd[2265]: 216.239.35.12 interface 192.168.4.16 -> 192.168.0.16

Yuck...
Since a syswatch restart tends to destroy any custom routes that existed, decided the best way was probably to pop the custom host routes into /etc/clearos/firewall.d/local. Therefore any firewall or syswatch restart (which restarts the firewall) would ensure the custom routes would be added, if not already existing... Assigned one ntp server to each external interface for a test...

[root@emma network-scripts]# cat /etc/clearos/firewall.d/local
# This script is run after every firewall restart. Add custom rules here.
# Ensure you use $IPTABLES instead of calling iptables directly if you wish
# to avoid xtable locking problems.
route add -host 216.239.35.12 gw 192.168.0.1
route add -host 150.101.217.196 gw 192.168.4.1

So far - looking good - no interface reassignments and time sync stable with no server sync restarts
Tuesday, March 13 2018, 12:40 AM
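
An added example, not part of the original post: a shell function that counts ntpd interface reassignments per NTP server from log lines in the format quoted above, so the effect of pinning host routes can be checked after a firewall or syswatch restart. The function names are hypothetical, the log is read from standard input because the post does not give the log file's path, and the sample lines are copied from the post's log excerpt.

```shell
#!/bin/sh
# Sample input: the ntpd lines quoted in the post above.
sample_log() {
cat <<'EOF'
13 Mar 02:38:28 ntpd[2265]: 216.239.35.12 interface 192.168.0.16 -> 192.168.4.16
13 Mar 02:43:28 ntpd[2265]: 216.239.35.12 interface 192.168.4.16 -> 192.168.0.16
13 Mar 02:43:28 ntpd[2265]: 150.101.217.196 interface 192.168.0.16 -> 192.168.4.16
13 Mar 02:48:28 ntpd[2265]: 150.101.217.196 interface 192.168.4.16 -> 192.168.0.16
13 Mar 03:03:28 ntpd[2265]: 150.101.217.196 interface 192.168.0.16 -> 192.168.4.16
13 Mar 03:08:28 ntpd[2265]: 150.101.217.196 interface 192.168.4.16 -> 192.168.0.16
13 Mar 03:33:28 ntpd[2265]: 150.101.217.196 interface 192.168.0.16 -> 192.168.4.16
13 Mar 03:38:28 ntpd[2265]: 150.101.217.196 interface 192.168.4.16 -> 192.168.0.16
13 Mar 03:48:28 ntpd[2265]: 216.239.35.12 interface 192.168.0.16 -> 192.168.4.16
13 Mar 03:53:28 ntpd[2265]: 216.239.35.12 interface 192.168.4.16 -> 192.168.0.16
EOF
}

# ntp_flaps (hypothetical name): read ntpd log lines on stdin and print one
# line per NTP server: "<server> <reassignments> <local addresses seen>".
# Lines that are not "interface A -> B" messages are ignored.
ntp_flaps() {
    awk '
    $4 ~ /^ntpd\[/ && $6 == "interface" && $8 == "->" {
        srv = $5
        count[srv]++
        # Record each distinct local address the server was bound to.
        if (!seen[srv, $7]++) addrs[srv] = addrs[srv] (addrs[srv] ? "," : "") $7
        if (!seen[srv, $9]++) addrs[srv] = addrs[srv] (addrs[srv] ? "," : "") $9
    }
    END { for (s in count) print s, count[s], addrs[s] }
    ' | sort
}

# flapping_servers (hypothetical name): print only the servers whose local
# address changed at least $1 times (default 2) in the log on stdin.
flapping_servers() {
    ntp_flaps | awk -v min="${1:-2}" '$2 >= min { print $1 }'
}

# Run over the sample; with one server pinned to each external interface,
# a later log window should produce no output at all.
sample_log | ntp_flaps
```
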