Allowing ntpd syncing in a restricted zone

I have some cameras in a restricted zone which does not have WAN access per my firewall zone setup.

Right now I have a single forwarding rule to the restricted zone allowing DNS and DHCP so it should be able to resolve the URL.

I am wondering what the best way is to allow only traffic on port 123 (ntpd) so the cameras are able to set their time using only a specific domain (pool.ntp.org). If a specific domain isn't possible, is the best strategy to run an ntpd on the router itself and let the cameras use that?

I would say so, if only for the fact that you don't even have to install an ntp server -- the NTP "client" in OpenWrt is already able to act as a server, activated by enable_server in the config. All you then have to do is open port 123 to the router, just as you did with 53, 67, and 68, and have the camera request time from the router's IP.

(Curiously, there has been a very similar question just two days ago. It's funny how topics seem to "cluster" sometimes.)

1 Like
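The setup described in the answer above, written out as OpenWrt configuration. This is an added example, not part of the original posts. It assumes the restricted firewall zone is named `cameras` (hypothetical, as is the rule name); the cameras are then pointed at the router's own address in that zone as their NTP server.

```uci
# /etc/config/system
# The built-in NTP client keeps syncing from its upstream pool servers
# and, with enable_server set, also answers NTP requests from local clients.
config timeserver 'ntp'
	option enabled '1'
	option enable_server '1'
	list server '0.openwrt.pool.ntp.org'
	list server '1.openwrt.pool.ntp.org'

# /etc/config/firewall
# Input rule (no 'dest' option): accepts NTP from the restricted zone to
# the router itself. Nothing is forwarded to the WAN, so the cameras stay
# isolated from the internet.
# 'cameras' is an assumed zone name; replace it with your zone's name.
config rule
	option name 'Allow-NTP-Cameras'
	option src 'cameras'
	option proto 'udp'
	option dest_port '123'
	option target 'ACCEPT'
```

Restart the `sysntpd` and `firewall` services after editing so both changes take effect.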
