NTP server how to

Network Time Protocol (NTP)
It’s a protocol used to synchronize Linux system’s clock with an accurate time source. This little yet powerful tool is very important for every big network. And I have few bad experiences with this NTP. Mostly because of either I forgot to configure or ignored for the time being and forgot later.

As I am working with Eucalyptus cloud platform, NTP is a must for the system to work perfectly. It is also used in Openstack cloud platform. In Eucalyptus if you ever find that Cloud Controller and Node Controller is not talking or Node controller is not sharing resources and throwing an error it is very wise to check the NTP configuration in the first place, and make sure that all the machines are following the correct time protocol.

[EUCAERROR ] ERROR: DescribeResource() could not be invoked (check NC host, port, and credentials)

Well, for both the platforms, there are two basic installation needed, one as a server and others as clients. Commands are mostly same for all the Linux platforms.

First install NTP on the server.

$ yum install ntp

it is important that we make sure that run level is set properly

$ chkconfig ntpd on

on server lets synchronize the system clock with an outer source which is more reliable.

$ ntpdate pool.ntp.org

for advanced configuration, we can set multiple sources here. Here is a very important catch. Servers who are able to figure out what time it is all on their own, without using the Internet are stratum 1 and then secondary stratum 2. for example,

ntp.amnic.net # stratum 1 timeserver
ntp.adc.am    # stratum 2 timeserver

Then if we want to restrict the access of the servers on our machine,

restrict ntp.amnic.net   mask nomodify notrap noquery
restrict ntp.adc.am      mask nomodify notrap noquery

noquery denies ntpq and ntpdc queries. So the time service does not get affected.
nomodify denies ntpq and ntpdc queries which attempt to modify the state of the server.
Instead of noquery, notrap will still allow queries from ntpq and ntpdc. traps are used by remote event logging programs. Traps provides a way off collecting ntpd information from another machine and require the use a special trap client program.

When the server is going to provide time to a certain network, just allow the network to query the NTP server

restrict mask nomodify notrap

The localhost needs to have the full access, so make sure it has no restriction keywords,


Another thing we should make sure, that if the NTP server is disconnected from the internet, the server provides time from its local system clock,

server     # local clock
fudge stratum 10

server says that the local system clock is the timeserver, fudge is the keyword to fake the local server with a high stratum. So, when the server is connected with the internet it will still use the l33t timeserver who has the lowest stratum.

After configuration we must [re]start the NTP server,

$ service ntpd start

check if NTP server is configured properly, it’ll show all the time servers,

$ ntpq -p

To configure Linux Client just add the NTP servers IP with following,

$ ntpdate -u xxx.xxx.xxx.xxx

To check which stratum is running on NTP server,

$ ntptrace

And that’s all. If I miss something important please feel free to add in the comment.

connect: Network is unreachable

So suddenly I was getting this weird error. Don’t know the exact reason. But some forum says it may happens because of having multiple NICs.

Anyway, then I checked $ sudo netstat -nr

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface   U         0 0          0 eth0

then run the following command

$ /sbin/route add -net gw eth0

and this time the result was different

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface         UG        0 0          0 eth0   U         0 0          0 eth0

….tada!!! It started working!

Restore panel in ubuntu

Well, this was funny though, but today I messed up the top panel of my desktop 😛

So, a little search gave me some results and which actually worked for me. Just few lines of commands gave me the top panel back again.

$ gconftool-2 --shutdown
$ gconftool --recursive-unset /apps/panel
$ rm -rf ~/.gconf/apps/panel
$ pkill gnome-panel


Internet sharing using a gateway computer

Gateway setup:
eth0 = the network adapter with internet (IP:
eth1 = the network adapter with client machine (IP:
The local network card cannot have the same subnet with the internet adapter.

Now, configure the internal network card for a static IP address as you need.

Configure the NAT (Network Address Translation):
Basically, here I’ll be configuring the iptables for NAT translation so that packets can be routed through the gateway.

$ sudo iptables -A FORWARD -o eth0 -i eth1 -s -m conntrack --ctstate NEW -j ACCEPT
$ sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$ sudo iptables -A POSTROUTING -t nat -j MASQUERADE

These are the iptables rules.
Rule 1: It allows the packets being forwarded
Rule 2: Allows forwarding of established connection packets
Rule 3: It does the NAT

iptables rule doesn’t save by default. It has to be saved manually.

$ sudo iptables-save | sudo tee /etc/iptables.sav

Edit the /etc/rc.local and add the following lines so that it calls that file every time when the gateway machine is booted.

iptables-restore < /etc/iptables.sav

Run the following line

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

Uncomment the following line from /etc/sysctl.conf


Client setup:
eth0 = the network adapter with the gateway pc (IP:

Change the gateway to the host machines IP address.

To configure DNS server edit the /etc/resolv.conf file and add ISP’s DNS servers.

nameserver xx.xx.xx.xx

And Boom!! 😀

apache2: apr_sockaddr_info_get() failed

While I was trying to restart apache from a VM, I was getting this weird error!

* Restarting web server apache2
apache2: apr_sockaddr_info_get() failed for ip-172-19-1-2
apache2: Could not reliably determine the server's fully qualified domain name, using for ServerName
... waiting apache2: apr_sockaddr_info_get() failed for ip-172-19-1-2
apache2: Could not reliably determine the server's fully qualified domain name, using for ServerName
[ OK ]
But the solution for this problem is problem is too simple 🙂
just try the following steps:
 sudo nano /etc/apache2/httpd.conf 
Most probably the file is empty.
Just add the following line, and done!
 ServerName localhost 

[ localhost will be the servername. ]