ntpd 的配置
我想做一下NTP的时间服务器,首先我的服务器要能连到一个外部的时间服务器来校准本机的时间,第二部在用本机做成局域网内的一台时间服务器,让局域网内的其它计算机到本机上同步时间,下面是我的要做NTP服务器中的ntp.conf配置文件应该怎么改呢?请各位高手帮助一下。服务器可以上外网:本机IP为192.168.0.209局域网内的是:192.168.0.0段地址。
# Permit time synchronization with our time source,but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface.This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool
server s1a.time.edu.cn
server ntp.sjtu.edu.cn
server s2c.time.edu.cn
#broadcast 192.168.1.255 key 42 #broadcast server
#broadcastclient # broadcastclient
#broadcast 224.0.1.1 key 42 #multicast server
#multicastclient 224.0.1.1 #multicast client
#manycastserver 239.255.254.254 #manycast server
#manycastclient 239.255.254.254 key 42#manycast client
manycastserver 3.cn.pool.ntp.org manycast server
manycastclient 192.168.0.209 key 42 manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
fudge 127.127.1.0 stratum 0
# Drift file.Put this in a directorywhich the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
driftfile /var/lib/ntp/drift
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
restrict s1a.time.edu.cn mask 255.255.255.255 nomodify notrap noquery
server s1a.time.edu.cn
server s1c.time.edu.cn
restrict s1c.time.edu.cn mask 255.255.255.255 nomodify notrap noquery
这个网上很多的,做好后注意开防火强就可以了。
给你个我之前写的说明吧。
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
拒絕默認所有ipv4和ipv6用戶訪問本ntp服務器。
restrict 127.0.0.1 放行本機ipv4來源
restrict-6 ::1 放行本機ipv6來源
driftfile /var/lib/ntp/drift
broadcastdelay 0.008 廣播延遲
#broadcast 默認廣播所有網段,不設定可以不予理會。
#authenticate yes 訪問需要認證,這裡不需要啦。
#keys /etc/ntp/keys 存放密鑰文件,這裡不需要啦
restrict 210.72.145.44 允許上層時間服務器能夠與你通信
restrict 64.4.10.33
restrict 172.16.0.0 mask 255.255.0.0 nomodify放行一個B類網段能夠同步時間
restrict 172.16.9.185 放行一台主機能夠同步時間
server 210.72.145.44 prefer 設定同步的上層時間服務器
server 64.4.10.33
當無法與上層同步,則本機就與自己同步為客戶端提供時間同步服務。
server 127.127.1.0 # local clock
fudge127.127.1.0 stratum 10
页:
[1]