Create NTP Server on Linux Debian
1. Install the NTP Service
Debian 12 uses ntpsec by default.
- sudo apt update
- sudo apt install ntpsec -y
2. Configure NTP
Edit the configuration file:
- sudo nano /etc/ntpsec/ntp.conf
Upstream Time Servers
Replace or add U.S.-based pool servers:
- pool 0.us.pool.ntp.org iburst
- pool 1.us.pool.ntp.org iburst
- pool 2.us.pool.ntp.org iburst
- pool 3.us.pool.ntp.org iburst
Allow Your LAN Clients
For your network 192.168.32.0/19 (netmask 255.255.224.0):
- restrict default kod nomodify notrap nopeer noquery
- restrict 127.0.0.1
- restrict ::1
- restrict 192.168.32.0 mask 255.255.224.0 nomodify notrap
Optional: Local Clock Fallback
- server 127.127.1.0
- fudge 127.127.1.0 stratum 10
3. Enable and Start the Service
- sudo systemctl enable ntpsec
- sudo systemctl restart ntpsec
4. Allow UDP Port 123
If you’re using iptables:
- sudo iptables -A INPUT -i ens192 -s 192.168.32.0/19 -p udp --dport 123 -j ACCEPT
- sudo netfilter-persistent save
If using nftables (Debian 12 default):
- sudo nano /etc/nftables.conf
Add:
- add rule inet filter input iif "ens192" ip saddr 192.168.32.0/19 udp dport 123 accept
Then:
- sudo systemctl restart nftables
5. Verify Server Status
Check if it’s listening:
- ss -ulpn | grep ':123 '
Check sync status:
- ntpq -pn
You should see a * next to one of the pool servers with a stratum < 16.
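The same check can be scripted for monitoring. This is an added example, not part of the original guide: the function name check_ntp_sync and the two sample billboards (built with documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from an `ntpq -pn` peer billboard whether the server
# has selected a sync source. The billboard is read from stdin.
# Exit status: 0 = a "*" peer with stratum < 16 exists, 1 = no usable source.
check_ntp_sync() {
    awk '
        # The first character of a peer line is the tally code; "*" marks
        # the system peer. Header lines and unselected peers never match.
        substr($0, 1, 1) == "*" {
            peer = substr($1, 2)    # drop the tally code from the address
            stratum = $3 + 0        # third column is the peer stratum
            if (stratum < 16) {
                printf "synced to %s (stratum %d)\n", peer, stratum
                found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: one selected peer at stratum 2.
SAMPLE_SYNCED='     remote           refid      st t when poll reach   delay   offset   jitter
===============================================================================
 0.us.pool.ntp.org .POOL.          16 p    -  256    0   0.0000   0.0000   0.0001
*203.0.113.10    192.0.2.1         2 u   12   64  377  18.4210   0.3120   0.2210
+198.51.100.7    192.0.2.1         2 u   40   64  377  22.1030  -0.5410   0.3050'

# Constructed sample: pool entries only, nothing selected yet.
SAMPLE_UNSYNCED='     remote           refid      st t when poll reach   delay   offset   jitter
===============================================================================
 0.us.pool.ntp.org .POOL.          16 p    -  256    0   0.0000   0.0000   0.0001
 1.us.pool.ntp.org .POOL.          16 p    -  256    0   0.0000   0.0000   0.0001'

# Demonstration on the constructed samples.
# Live use on the server: ntpq -pn | check_ntp_sync
printf '%s\n' "$SAMPLE_SYNCED" | check_ntp_sync
printf '%s\n' "$SAMPLE_UNSYNCED" | check_ntp_sync || echo "no sync source selected"
```

A non-zero exit right after a restart is normal until the first pool server has been polled often enough to be selected.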
6. Test From a Client
Linux client:
- sudo ntpdate -q 192.168.32.76
Windows client (PowerShell):
- w32tm /stripchart /computer:192.168.32.76 /samples:5 /dataonly
7. Monitor Connected Clients
Enable monitoring in /etc/ntpsec/ntp.conf:
Then:
- sudo systemctl restart ntpsec
- ntpq -c "mrulist"