Chronyd works once then no sync

I have chronyd service starting up, syncing time once, and then no more time syncing.
Service status gives an error “Could not open command socket on [::1]:323”.
Is this because my firewall blocks localhost ports? I thought port 323 was only needed for chronyc management, but is it also required for chrony to work?

The service binds to that socket by default.
There’s apparently something wrong with your system.

ip -6 address show dev lo

Oh, no, I don’t have ipv6 on on my system. How do I force chrony use only ipv4?

You must edit /etc/sysconfig/chronyd and add “-4” option for chronyd to only use ipv4. Now systemctl status chronyd doesn’t throw any errors.

And it turns out udp loopback port 323 needs to be opened up in iptables for chronyc commands to work to show sources and tracking. But port 123 is used for actual ntp packets.

2 Likes