Hey all. I’ve been motivated by the discussions over at Jupiter Broadcasting podcasts to try Ubuntu MATE 16.04.9 LTS, (Linux m8 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 x86_64 GNU/Linux. I’d like to utilize this VM as a potential suitor for replacing my current Debian Jessie rig.
My VM is configured to utilize network preferences. I am able to browse the web via Firefox with no browser proxy setting changes, as well as being able to apt-get packages. However, I am not able to leverage the online Welcome components and am presented with a Retry Connection button once network connectivity is established.
Also I noticed that NTP updates were going out to known TOR IPs. Not a show stopper but not wanted in a corporate environment. I changed the time (via GUI) to leverage a manually set time versus NTP. Unfortunately the behavior persisted in reaching out to TOR for NTP updates via UDP 123.
I hope that this is not a totally noob ignorance issue but thought I’d share my recent concerns.
P.S. I have enjoyed my Debian MATE testing at the house.
Port 123 is the well known port for ntp – working as expected. The big servers, which might also be running TOR, are probably ntp stratum 3 servers as well. You can change the ntp servers in /etc/ntp.conf
If connection is established after Welcome is opened, you'll need to "Retry Connection".
Otherwise, if Welcome always fails to think it's connected to the outside world, then you may want to check any HTTP configuration, since other applications could be impacted too.
Welcome tries to establish a HTTP connection to http://archive.ubuntu.com/ as a test. If this HTTP request fails, then Welcome presumes there is no connection.
If you need to force Welcome to stop showing that message, use this command:
Why would there be an option to set the time manually only to have NTP go out and validate time? That seems misleading or deceptive. Please understand I’m all for changing a config but if MATE were to be implemented it would reach some disapproval of talking to TOR nodes…potentially.
I can browse all day long from Firefox and I can use apt-get without any proxy commands appended so those respect the system wide proxy settings. Welcome doesn’t work. I can run the System -> Administration -> Software Updater successfully, or at least it reports its fine. The Software Boutique states it needs to be online.
I don’t mind the Welcome from coming up at this point.
Yes, understand I am good with the TOR IPs. That is me personally. However the company in which I work for does not want to see traffic going to those IPs.
Manually changed the time via Admin from NTP to manual. Reboot.
Connections still went out to TOR IPs.
Changed /etc/ntpd, commented out the Ubuntu NTP pools. Reboot.
Not seeing outbound NTP connections.
Not sure if I know how the Internet is done but I am comfortable in networking and system administration.
The gist of this topic from my concern is that even when disabling time syncs via NTP and setting it to manually set a component of the OS still made outbound calls to NTP servers including TOR nodes. Why put a feature in that allows time to be set manually when NTP requests continue?
I see where outbound connections to steelix.canonical.com and danava.canonical.com, TCP 80, are going out the default gateway via normal routes. Unfortunately that connectivity doesn’t exist and hence the use of a proxy server which seems to work for certain aspects of MATE.
Good news, I left my MATE VM up all night and didn’t see any NTP outbound connections. This behavior was only observed after modifying the NTP conf file. I just installed Wireshark so I’ll go through some more testing when executing specific behavior.
