HOWTO: Run Your Own NTP Server When Your ISP Blocks Ports

This one racked my brain quite a bit, so I hope you enjoy the solution.

The Problem

My problem is that I wanted to play nice with other people’s time servers. I have a small local network, and at any time I can have 5 devices (2 routers, up to 3 computers) that will want to synchronize their clocks with a time server. I could sic them all on one time server, but that might verge on me getting an IP ban. (NTP’s minimum of 64 seconds between queries / 5 machines = me hitting a server every 21 seconds on average.) I could pull from a pool, but every computer might “jitter” as they’re pulling their time from all over the country.

The Solution

The solution in this case is to set up your own NTP server that synchronizes with another server over the internet, and then have all the machines on your local network poll that machine. HOWEVER, if you’re using cable broadband, your ISP is most likely blocking anyone from accessing ports below 1024. I’m sure some DSL providers do so as well, but the rule of thumb goes that cable providers block access while DSL providers do not.

Well, that just throws a wrench in our gears, now doesn’t it? Well, it doesn’t have to. There’s another solution if time synchronization isn’t overly critical.

Step 1: Configure An NTP Server

Yes, you still need an NTP server, but in this case we’re going to have our NTP server synchronize with itself. Sounds odd, I know, but at least it gives us an NTP server for our local network.

We’ll also make sure we have NTPDATE, so we can periodically adjust the clock against a real time server.

Install NTP:
sudo apt-get install ntp ntpdate

Stop the NTP server:
sudo /etc/init.d/ntp stop

Edit NTP’s config file:
sudo nano /etc/ntp.conf

Add the following lines to have the NTP server reference itself:
server 127.127.1.1
fudge 127.127.1.1 stratum 14 refid NIST

Before bringing NTP back up, configure NTPDATE:
sudo nano /etc/default/ntpdate

Make these three changes in the file:
NTPDATE_USE_NTP_CONF=no
NTPSERVERS="chosen.ntp.server"
NTPOPTIONS="-u"

Get your original synchronization before starting NTP:
(run this command a few times until the offset settles down)
ntpdate -u chosen.ntp.server

Make a crontab so we can keep our NTP server in line with time:
sudo nano /etc/cron.d/synctime

Put the following line in the file and save:
(This calls a script that shuts ntp down, calls ntpdate, and then starts ntp again. It’s meant to be used when bringing network interfaces up, but there’s nothing wrong with calling on it here. Note the 0 in the minute field: with a * there, cron would run the script every minute during every fourth hour, which is exactly the kind of hammering of the upstream server we set this up to avoid.)
0 */4 * * * root /etc/network/if-up.d/ntpdate

Start the NTP server:
sudo /etc/init.d/ntp start

Watch the NTP server:
watch 'sh -c "ntpq -p -c as && echo && ntptrace"'

When you see output like the following (in particular the * in front of LOCAL(1), a non-zero reach, and the sys.peer condition), your NTP server is ready:

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*LOCAL(1)        .NIST.          14 l   30   64   17    0.000    0.000   0.001

ind assID status  conf reach auth condition  last_event cnt
===========================================================
  1 47409  9614   yes   yes  none  sys.peer   reachable  1

localhost: stratum 15, offset 0.000000, synch distance 0.948602
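
The readiness signs above can be checked by a script rather than by eyeballing watch. The following is an added example, not code from the original post: it parses the same ntpq -p and ntpq -c as output shown above and succeeds only when ntpd has selected the local clock as its system peer. The sample outputs embedded in it are constructed to match the listing above; run it with --live to poll the real daemon.

```shell
#!/bin/sh
# Added example, not part of the original post: a readiness check that parses
# `ntpq -p` and `ntpq -c as` output so a script or cron job can wait for the
# local NTP server instead of watching it by hand.

# ntp_has_syspeer: read `ntpq -p` output on stdin; succeed when a peer line
# starts with "*" (ntpq's mark for the selected system peer) and that peer's
# reach register (7th column, octal) is non-zero.
ntp_has_syspeer() {
    awk '
        /^\*/ { if ($7 != "0") found = 1 }
        END   { exit (found ? 0 : 1) }
    '
}

# ntp_assoc_ok: read `ntpq -c as` output on stdin; succeed when some
# association is reachable (5th column) and has condition sys.peer (7th).
ntp_assoc_ok() {
    awk '
        $5 == "yes" && $7 == "sys.peer" { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# ntp_ready: run both checks against the live daemon (needs ntpq on PATH).
ntp_ready() {
    ntpq -p | ntp_has_syspeer && ntpq -c as | ntp_assoc_ok
}

# Constructed samples: the post's "ready" listing, and the same peer before
# ntpd has selected it (no "*", reach 0).
SAMPLE_PEERS_READY='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*LOCAL(1)        .NIST.          14 l   30   64   17    0.000    0.000   0.001'

SAMPLE_PEERS_NOT_READY='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 LOCAL(1)        .NIST.          14 l    -   64    0    0.000    0.000   0.000'

SAMPLE_ASSOC_READY='ind assID status  conf reach auth condition  last_event cnt
===========================================================
  1 47409  9614   yes   yes  none  sys.peer   reachable  1'

# With --live, poll the real daemon once a minute until it is ready.
if [ "${1:-}" = "--live" ]; then
    until ntp_ready; do
        echo "waiting for ntpd to select its peer..."
        sleep 60
    done
    echo "NTP server ready"
fi
```

The two checks deliberately read only the columns the post points at (the selection mark and reach from ntpq -p, the reach flag and condition from ntpq -c as), so they keep working when the other columns change as the daemon settles.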

Step 2: Configure Your Local Computers.

You’re now ready to set your computers up to use your NTP server. However, keep in mind that commercial operating systems like Mac OS X and Windows use SNTP, not NTP. The difference is that NTP tries to keep the client’s time as accurate as possible by taking into account factors such as how fast or slow the hardware clock drifts and how much lag the internet connection adds. SNTP just jumps to whatever time it gets.

Linux, however, gives you a choice. And honestly, NTP is way too much for most home users. Also keep in mind that if we did use NTP in this case, we would be synchronizing one “inaccurate” clock against another. The best deal is to go with SNTP, but the obvious answer of searching for an SNTP package is wrong. All you have to do is configure the client machines to run NTPDATE like you did on the NTP server.

Configure NTPDATE on the client machines:
sudo nano /etc/default/ntpdate

Make these three changes in the file:
NTPDATE_USE_NTP_CONF=no
NTPSERVERS="your.ntp.server"
NTPOPTIONS="-u"

Get your original synchronization:
ntpdate -u your.ntp.server

Make a crontab so we can keep our client machines in line with time:
sudo nano /etc/cron.d/synctime

Put the following line in the file and save:
(This calls a script that shuts ntp down, calls ntpdate, and then starts ntp again. It’s meant to be used when bringing network interfaces up, but there’s nothing wrong with calling on it here. As on the server, the minute field is 0 so the script runs once every four hours rather than every minute of every fourth hour.)
0 */4 * * * root /etc/network/if-up.d/ntpdate

Perhaps, one day, GNOME’s GUI for time synchronization will allow you to choose full NTP or SNTP with NTPDATE, and do all of this messing around with crontabs for you. But for now, the power is yours whether you want it or not.
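
For the client-side cron step above, here is an added example (not code from the original post or from the ntp package) of a small wrapper you could call from cron instead of the if-up.d script. It runs ntpdate -u against the local server, logs the offset ntpdate reports, and sends a warning to syslog when the clock was stepped by more than a threshold, because a client whose clock silently jumps by seconds every four hours is a problem for log correlation and for anything that checks timestamps. The NTP_SERVER, MAX_OFFSET and SYNC_LOG values, the /usr/local/sbin/synctime path, and the sample ntpdate lines are all assumptions or constructed, not values from the post.

```shell
#!/bin/sh
# Added example, not part of the original post: a cron-friendly wrapper for
# the client-side ntpdate step that records the offset and flags large steps.
# NTP_SERVER, MAX_OFFSET, SYNC_LOG and the cron path are assumptions.

SERVER="${NTP_SERVER:-your.ntp.server}"
MAX_OFFSET="${MAX_OFFSET:-1.0}"          # seconds; constructed threshold
LOG="${SYNC_LOG:-/var/log/synctime.log}"

# Constructed sample lines in the format ntpdate prints after a successful
# run ("adjust" for a small slew, "step" for a jump) and on failure.
SAMPLE_ADJUST='11 Mar 04:00:01 ntpdate[1234]: adjust time server 192.168.1.1 offset 0.001234 sec'
SAMPLE_STEP='11 Mar 08:00:01 ntpdate[1235]: step time server 192.168.1.1 offset -3.250000 sec'
SAMPLE_FAIL='11 Mar 12:00:01 ntpdate[1236]: no server suitable for synchronization found'

# ntpdate_offset: read ntpdate output on stdin and print the signed offset
# in seconds (the word after "offset"); print nothing if there is none.
ntpdate_offset() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "offset") { print $(i + 1); exit } }'
}

# offset_exceeds OFFSET LIMIT: succeed when |OFFSET| > LIMIT (both in seconds).
offset_exceeds() {
    awk -v o="$1" -v lim="$2" 'BEGIN { if (o < 0) o = -o; exit (o > lim ? 0 : 1) }'
}

# sync_and_log: run ntpdate -u against the local server, append the result
# to the log, and warn via syslog when the clock moved more than MAX_OFFSET.
# Returns non-zero when ntpdate itself failed.
sync_and_log() {
    now=$(date '+%Y-%m-%d %H:%M:%S')
    if ! out=$(ntpdate -u "$SERVER" 2>&1); then
        printf '%s ntpdate failed: %s\n' "$now" "$out" >> "$LOG"
        logger -t synctime "ntpdate against $SERVER failed: $out"
        return 1
    fi
    off=$(printf '%s\n' "$out" | ntpdate_offset)
    printf '%s %s offset=%s\n' "$now" "$SERVER" "${off:-unknown}" >> "$LOG"
    if [ -n "$off" ] && offset_exceeds "$off" "$MAX_OFFSET"; then
        logger -t synctime "clock moved ${off}s against $SERVER (limit ${MAX_OFFSET}s)"
    fi
}

# Cron entry for /etc/cron.d/synctime (assumed path; once every four hours):
#   0 */4 * * * root /usr/local/sbin/synctime --run
if [ "${1:-}" = "--run" ]; then
    sync_and_log
fi
```

Keeping the log line per run also gives you a cheap record of how far each client drifts between syncs; if the offsets grow steadily, the four-hour interval is too long for that machine's hardware clock.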
