Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Fixing network time drift' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Fixing network time drift
Authored by: noworryz on Feb 19, '03 11:50:03AM

If you've had a problem keeping your clock accurate using network time, this tip may help out, especially if you see the clock drifting even though the "Set Time Now" button seems to work. (Network time is controlled from the System Preferences, Date & Time pane, Network Time tab.)

OS X has a confusing "feature" that makes diagnosing the problem difficult: after enabling the "Use a network time server" checkbox, OS X attempts to synchronize the time using a different method than when you press the "Set Time Now" button.

After enabling "Use a network time server," OS X sends Network Time Protocol (NTP) messages using the User Datagram Protocol (UDP) from port 123 of your machine to port 123 of the specified NTP Server. The server replies from port 123 to port 123 of your machine.

After pressing the "Set Time Now" button, OS X sends NTP messages from a very high port number (above 49152) of your machine to port 123 of the NTP Server. The server replies from port 123 to the same high port number of your machine.

Diagnosing NTP

To see if you have a problem, enable the "Use a network time server" checkbox and press the "Set Time Now" button. Open the terminal and type:

ntpq -p

If ntpq outputs "ntpq: read: Connection refused," then the "Use a network time server" checkbox is probably not enabled.

If ntpq outputs "No association ID's returned," then no NTP messages at all are getting through.

If the ntpq output has a "16" in the "st" (stratum) column, then the (123/123) NTP messages are not getting through but the high port numbered "Set Time Now" messages are being received:

remote      refid    st t when poll reach   delay   offset  jitter
=====================================================================
[server]  0.0.0.0    16 u    -  68m    0    0.000    0.000 4000.00

Where [server] is the specified NTP server.

If the ntpq output has a number lower than 16 in the "st" column, then NTP is working correctly:

remote      refid    st t when poll reach   delay   offset  jitter
=====================================================================
[server] [something]  2 u   48  68m    1  141.594   14.361   0.004

Fixing NTP

NTP problems are often caused by a firewall between you and the NTP server, either a software firewall on your machine or a hardware firewall at your Internet connection.

Check to see if you have a software firewall installed, such as Brickhouse or have the Jaguar built-in firewall enabled in the System Preferences, Sharing pane, Firewall tab.

If you have no control over the firewall, the problem will be unsolvable, at least until Apple makes changes to OS X. Otherwise, you will want to reduce the firewall security by the smallest amount necessary to solve the problem. Note that traffic from the NTP server always:

  • uses the UDP (not TCP) protocol,
  • is from port 123,
  • is either to port 123 or to a port over 49,152,
  • is from the IP address of the specified NTP server.

At minimum, the firewall should be modified to only allow additional messages with the first three characteristics above. In Brickhouse and most other software firewalls, the appropriate filter lines are usually:

add [number1] allow udp from any 123 to any 123 via en0
add [number2] allow udp from any 123 to any 49152-65535 via en0

Where [number1] and [number2] are integers that specify the order in which to execute the filter rules. You can list the existing firewall rules within Brickhouse or with the terminal command:

sudo ipfw list

Other firewalls may have a different syntax; reading your firewall manual is required.

[ Reply to This | # ]

Fixing network time drift
Authored by: tomem on May 22, '04 09:08:27AM

My ntpq checks out ok, and my firewall is turned off completely. My clock seems to run at least a half hour fast per week, and I have to open the date & time panel to get auto time setting to work. Seems like there is a snag other than what you mention here. I'm trying the NIST time server for a while to see if that interacts better with the automatic setting...

Tom Moore
Crofton MD USA

---
TomEM
Crofton, MD



[ Reply to This | # ]