Fake (virtual) host on the router

Hello everyone,

I have a few very old pieces of hardware that do not support DST switching, custom ntp ports, etc., but those have to operate according to proper local time. Currently, I just have a real dedicated machine on the network (OrangePi Zero) with a static IP and a customized ntp server for the sole purpose of providing corrected time to those pieces of hardware on port 123, which works perfectly fine, but is a bit inconvenient and less than ideal, since it also requires a bit of maintenance, just like any other real machine.

So, I thought, maybe I can create a fake/virtual host directly on the root router running OpenWRT, such that when devices from my intranet request time from, say, 192.168.1.200:123 or 123.123.123.123:123 (fake host), this request would get re-directed to 192.168.1.1:1123 (root router). So, they would get a response from the custom ntp server running on the root router, but this response (UDP packet) would be modified to pretend it was sent from the fake host. I think it should be possible to accomplish using iptables / nftables rules; however, my experiments with it didn't work so far, since, I guess, the router should also respond to ARP requests for an absent host on the 192.168.1.200 address, but I'm not sure how to accomplish this part... maybe another set of iptables rules, or a virtual network interface with a distinct MAC address?

Here are the iptables rules I used so far:

# re-direct incoming
iptables -t nat -A PREROUTING -p udp -d 192.168.1.200 --dport 123 -j DNAT --to-destination 192.168.1.1:1123
#iptables -t nat -I PREROUTING -p udp -d 123.123.123.123 --dport 123 -j DNAT --to-destination 192.168.87.1:1123
# fix outgoing
iptables -t nat -A POSTROUTING -p udp -s 192.168.1.1 --sport 1123 -j SNAT --to-source 192.168.1.200:123
#iptables -t nat -A POSTROUTING -p udp -s 192.168.1.1 --sport 1123 -j SNAT --to-source 123.123.123.123:123

Any advice is highly appreciated!

Look for the "DNS hijacking" guide, I think this is very similar.


…and be aware that contemporary OpenWrt uses fw4 and nftables, so avoid using iptables.

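As an added example (not posted in this thread), here is how the fake-host setup from the first post can be expressed on current OpenWrt with fw4 instead of the iptables rules above: a second LAN address so the router answers ARP for 192.168.1.200, plus a UCI redirect for the DNAT. The addresses and ports follow the original post; the interface name br-lan and the section names are assumptions.

```uci
# /etc/config/network  (added example; 'br-lan' is an assumed interface name)
# Assigning 192.168.1.200 to the router's LAN interface as a second address
# makes the kernel answer ARP for the "fake host" itself, which no
# iptables/nftables rule can do on its own.
config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	list ipaddr '192.168.1.1/24'
	list ipaddr '192.168.1.200/24'

# /etc/config/firewall  (fw4 equivalent of the iptables DNAT rule)
# Matching only the 'lan' zone keeps the custom NTP server on port 1123
# from being reachable from the WAN side through this redirect.
# Connection tracking rewrites the reply automatically, so the reply
# packet is already seen by the client as coming from 192.168.1.200:123;
# no separate SNAT rule is required.
config redirect
	option name 'fake-ntp-host'
	option src 'lan'
	option proto 'udp'
	option src_dip '192.168.1.200'
	option src_dport '123'
	option dest_ip '192.168.1.1'
	option dest_port '1123'
	option target 'DNAT'
```

Apply with `/etc/init.d/network reload` and `/etc/init.d/firewall reload`, then check the generated rule with `nft list chain inet fw4 dstnat_lan`.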