network-ntp.html

FreeBSD安装说明概述 FreeBSD 提供了一个以文字为主

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org" />
<title>NTP</title>
<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
<link rel="HOME" title="FreeBSD 使用手册" href="index.html" />
<link rel="UP" title="Advanced Networking" href="advanced-networking.html" />
<link rel="PREVIOUS" title="DNS" href="network-dns.html" />
<link rel="NEXT" title="Network Address Translation" href="network-natd.html" />
<link rel="STYLESHEET" type="text/css" href="docbook.css" />
<meta http-equiv="Content-Type" content="text/html; charset=GB2312" />
</head>
<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
alink="#0000FF">
<div class="NAVHEADER">
<table summary="Header navigation table" width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<th colspan="3" align="center">FreeBSD 使用手册</th>
</tr>

<tr>
<td width="10%" align="left" valign="bottom"><a href="network-dns.html"
accesskey="P">Prev</a></td>
<td width="80%" align="center" valign="bottom">Chapter 19. Advanced Networking</td>
<td width="10%" align="right" valign="bottom"><a href="network-natd.html"
accesskey="N">Next</a></td>
</tr>
</table>

<hr align="LEFT" width="100%" />
</div>

<div class="SECT1">
<h1 class="SECT1"><a id="NETWORK-NTP" name="NETWORK-NTP">19.12. NTP</a></h1>

<i class="AUTHORGROUP"><span class="CONTRIB">Contributed by</span> Tom Hukins.</i> 

<div class="SECT2">
<h2 class="SECT2"><a id="AEN28360" name="AEN28360">19.12.1. Overview</a></h2>

<p>Over time, a computer's clock is prone to drift. As time passes, the computer's clock
becomes less accurate. NTP (Network Time Protocol) is one way to ensure your clock is
right.</p>

<p>Many Internet services rely on, or greatly benefit from, computers' clocks being
accurate. For example, a Web server may receive requests to send a file if it has
modified since a certain time. Services such as <span class="CITEREFENTRY"><span
class="REFENTRYTITLE">cron</span>(8)</span> run commands at a given time. If the clock is
inaccurate, these commands may not run when expected.</p>

<p>FreeBSD ships with the <span class="CITEREFENTRY"><span
class="REFENTRYTITLE">ntpd</span>(8)</span> NTP server which can be used to query other
NTP servers to set the clock on your machine or provide time services to others.</p>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="AEN28374" name="AEN28374">19.12.2. Choosing Appropriate NTP
Servers</a></h2>

<p>In order to synchronize your clock, you will need to find one or more NTP servers to
use. Your network administrator or ISP may have set up an NTP server for this
purpose--check their documentation to see if this is the case. There is a <a
href="http://www.eecis.udel.edu/~mills/ntp/servers.html" target="_top">list of publicly
accessible NTP servers</a> which you can use to find an NTP server near to you. Make sure
you are aware of the policy for any servers you choose, and ask for permission if
required.</p>

<p>Choosing several unconnected NTP servers is a good idea in case one of the servers you
are using becomes unreachable or its clock is unreliable. <span
class="CITEREFENTRY"><span class="REFENTRYTITLE">ntpd</span>(8)</span> uses the responses
it receives from other servers intelligently--it will favor unreliable servers less than
reliable ones.</p>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="AEN28385" name="AEN28385">19.12.3. Configuring Your
Machine</a></h2>

<div class="SECT3">
<h3 class="SECT3"><a id="AEN28390" name="AEN28390">19.12.3.1. Basic
Configuration</a></h3>

<p>If you only wish to synchronize your clock when the machine boots up, you can use
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ntpdate</span>(8)</span>. This may
be appropriate for some desktop machines which are frequently rebooted and only require
infrequent synchronization, but most machines should run <span class="CITEREFENTRY"><span
class="REFENTRYTITLE">ntpd</span>(8)</span>.</p>

<p>Using <span class="CITEREFENTRY"><span class="REFENTRYTITLE">ntpdate</span>(8)</span>
at boot time is also a good idea for machines that run <span class="CITEREFENTRY"><span
class="REFENTRYTITLE">ntpd</span>(8)</span>. The <span class="CITEREFENTRY"><span
class="REFENTRYTITLE">ntpd</span>(8)</span> program changes the clock gradually, whereas
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ntpdate</span>(8)</span> sets the
clock, no matter how great the difference between a machine's current clock setting and
the correct time.</p>

<p>To enable <span class="CITEREFENTRY"><span
class="REFENTRYTITLE">ntpdate</span>(8)</span> at boot time, add <var
class="LITERAL">ntpdate_enable="YES"</var> to <tt class="FILENAME">/etc/rc.conf</tt>. You
will also need to specify all servers you wish to synchronize with and any flags to be
passed to <span class="CITEREFENTRY"><span class="REFENTRYTITLE">ntpdate</span>(8)</span>
in <var class="VARNAME">ntpdate_flags</var>.</p>
</div>

<div class="SECT3">
<h3 class="SECT3"><a id="AEN28424" name="AEN28424">19.12.3.2. General
Configuration</a></h3>

<p>NTP is configured by the <tt class="FILENAME">/etc/ntp.conf</tt> file in the format
described in <span class="CITEREFENTRY"><span
class="REFENTRYTITLE">ntp.conf</span>(5)</span>. Here is a simple example:</p>

<pre class="PROGRAMLISTING">
server ntplocal.example.com prefer
server timeserver.example.org
server ntp2a.example.net

driftfile /var/db/ntp.drift
</pre>

<p>The <var class="LITERAL">server</var> option specifies which servers are to be used,
with one server listed on each line. If a server is specified with the <var
class="LITERAL">prefer</var> argument, as with <tt
class="HOSTID">ntplocal.example.com</tt>, that server is preferred over other servers. A
response from a preferred server will be discarded if it differs significantly from other
servers' responses, otherwise it will be used without any consideration to other
responses. The <var class="LITERAL">prefer</var> argument is normally used for NTP
servers that are known to be highly accurate, such as those with special time monitoring
hardware.</p>

<p>The <var class="LITERAL">driftfile</var> option specifies which file is used to store
the system clock's frequency offset. The <span class="CITEREFENTRY"><span
class="REFENTRYTITLE">ntpd</span>(8)</span> program uses this to automatically compensate
for the clock's natural drift, allowing it to maintain a reasonably correct setting even
if it is cut off from all external time sources for a period of time.</p>

<p>The <var class="LITERAL">driftfile</var> option specifies which file is used to store
information about previous responses from the NTP servers you are using. This file
contains internal information for NTP. It should not be modified by any other
process.</p>
</div>

<div class="SECT3">
<h3 class="SECT3"><a id="AEN28447" name="AEN28447">19.12.3.3. Controlling Access to Your
Server</a></h3>

<p>By default, your NTP server will be accessible to all hosts on the Internet. The <var
class="LITERAL">restrict</var> option in <tt class="FILENAME">/etc/ntp.conf</tt> allows
you to control which machines can access your server.</p>

<p>If you want to deny all machines from accessing your NTP server, add the following
line to <tt class="FILENAME">/etc/ntp.conf</tt>:</p>

<pre class="PROGRAMLISTING">
restrict default ignore
</pre>

<p>If you only want to allow machines within your own network to synchronize their clocks
with your server, but ensure they are not allowed to configure the server or used as
peers to synchronize against, add</p>

<pre class="PROGRAMLISTING">
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
</pre>

<p>instead, where <tt class="HOSTID">192.168.1.0</tt> is an IP address on your network
and <tt class="HOSTID">255.255.255.0</tt> is your network's netmask.</p>

<p><tt class="FILENAME">/etc/ntp.conf</tt> can contain multiple <var
class="LITERAL">restrict</var> options. For more details, see the <var
class="LITERAL">Access Control Support</var> subsection of <span
class="CITEREFENTRY"><span class="REFENTRYTITLE">ntp.conf</span>(5)</span>.</p>
</div>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="AEN28467" name="AEN28467">19.12.4. Running the NTP
Server</a></h2>

<p>To ensure the NTP server is started at boot time, add the line <var
class="LITERAL">xntpd_enable="YES"</var> to <tt class="FILENAME">/etc/rc.conf</tt>. If
you wish to pass additional flags to <span class="CITEREFENTRY"><span
class="REFENTRYTITLE">ntpd</span>(8)</span>, edit the <var
class="VARNAME">xntpd_flags</var> parameter in <tt
class="FILENAME">/etc/rc.conf</tt>.</p>

<p>To start the server without rebooting your machine, run <tt class="COMMAND">ntpd</tt>
being sure to specify any additional parameters from <var
class="VARNAME">xntpd_flags</var> in <tt class="FILENAME">/etc/rc.conf</tt>. For
example:</p>

<pre class="SCREEN">
<samp class="PROMPT">#</samp> <kbd class="USERINPUT">ntpd -p /var/run/ntpd.pid</kbd>
</pre>

<div class="NOTE">
<blockquote class="NOTE">
<p><b>Note:</b> Under FreeBSD&nbsp;5.X, various options in <tt
class="FILENAME">/etc/rc.conf</tt> have been renamed. Thus, you have to replace every
instance of <var class="LITERAL">xntpd</var> with <var class="LITERAL">ntpd</var> in the
options above.</p>
</blockquote>
</div>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="AEN28489" name="AEN28489">19.12.5. Using ntpd with a Temporary
Internet Connection</a></h2>

<p>The <span class="CITEREFENTRY"><span class="REFENTRYTITLE">ntpd</span>(8)</span>
program does not need a permanent connection to the Internet to function properly.
However, if you have a temporary connection that is configured to dial out on demand, it
is a good idea to prevent NTP traffic from triggering a dial out or keeping the
connection alive. If you are using user PPP, you can use <var
class="LITERAL">filter</var> directives in <tt class="FILENAME">/etc/ppp/ppp.conf</tt>.
For example:</p>

<pre class="PROGRAMLISTING">
 set filter dial 0 deny udp src eq 123
 # Prevent NTP traffic from initiating dial out
 set filter dial 1 permit 0 0
 set filter alive 0 deny udp src eq 123
 # Prevent incoming NTP traffic from keeping the connection open
 set filter alive 1 deny udp dst eq 123
 # Prevent outgoing NTP traffic from keeping the connection open
 set filter alive 2 permit 0/0 0/0
</pre>

<p>For more details see the <var class="LITERAL">PACKET FILTERING</var> section in <span
class="CITEREFENTRY"><span class="REFENTRYTITLE">ppp</span>(8)</span> and the examples in
<tt class="FILENAME">/usr/share/examples/ppp/</tt>.</p>

<div class="NOTE">
<blockquote class="NOTE">
<p><b>Note:</b> Some Internet access providers block low-numbered ports, preventing NTP
from functioning since replies never reach your machine.</p>
</blockquote>
</div>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="AEN28506" name="AEN28506">19.12.6. Further Information</a></h2>

<p>Documentation for the NTP server can be found in <tt
class="FILENAME">/usr/share/doc/ntp/</tt> in HTML format.</p>
</div>
</div>

<div class="NAVFOOTER">
<hr align="LEFT" width="100%" />
<table summary="Footer navigation table" width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td width="33%" align="left" valign="top"><a href="network-dns.html"
accesskey="P">Prev</a></td>
<td width="34%" align="center" valign="top"><a href="index.html"
accesskey="H">Home</a></td>
<td width="33%" align="right" valign="top"><a href="network-natd.html"
accesskey="N">Next</a></td>
</tr>

<tr>
<td width="33%" align="left" valign="top">DNS</td>
<td width="34%" align="center" valign="top"><a href="advanced-networking.html"
accesskey="U">Up</a></td>
<td width="33%" align="right" valign="top">Network Address Translation</td>
</tr>
</table>
</div>
</body>
</html>