Debian 13: Use Private NTP Server
Status
For hosts in isolated VLANS, we provide access to a local NTP server, via firewall rules.
The local NTP server is at: 192.168.1.12.
See this page for the local NTP server: Local GPS NTP Time Server
The main router includes a floating firewall rule that forwards UDP port 123 requests to the local NTP server.
It includes most of the VLANS. But can be updated to include other VLANs.
Configuration
Here are steps to configure an isolated Debian 13 VM to use the local NTP server.
NOTE: Debian 13 uses a service called, timesyncd.
Timesyncd is not as precise as true NTP.
But, it is good enough.
Timesyncd is installed by default.
We will use it.
You can verify timesyncd is running with this:
timedatectl show-timesync --all 
Install NTP on the VM with:
sudo apt update
sudo apt install ntpEdit the ntp config file to listen to the local NTP server.
Open it with:
sudo nano /etc/systemd/timesyncd.confNOTE:It NTPwill be mostly commented out, by default.
This is handledbecause bythe ntpsec in recent Ubuntu versions.And, its configurationservice is storedusing in:config /etc/ntpsec.defaults, or compiled defaults.
LocateUpdate theit NTPto poolpoint entries, and comment out each one.
Then, addto the local NTPntp server entry line:
server 192.168.1.12 iburstThe section should lookserver, like this:
#
UseClose serversand fromsave the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See https://www.pool.ntp.org/join.html for
# more information.
server 192.168.1.12 iburst
#pool 0.ubuntu.pool.ntp.org iburst
#pool 1.ubuntu.pool.ntp.org iburst
#pool 2.ubuntu.pool.ntp.org iburst
#pool 3.ubuntu.pool.ntp.org iburst
# Use Ubuntu's ntp server as a fallback.
#server ntp.ubuntu.com
RestartOnce saved, restart the ntpsectimesyncd service with:
sudo systemctl restart ntpsecsystemd-timesyncdYou can check the service status with this:
sudotimedatectl systemctl status ntpsecAnd, you can see the NTP status, with this:
ntpqshow-timesync -p-all