Forward internal NTP requests to router

I'm trying to intercept NTP requests and forward them to the router's NTP server instead.

I can't get it to work, the requests seem to end up on WAN no matter what I do.

Shouldn't this work?

Log in to the router over ssh and run nft list ruleset | grep Intercept-NTP

What's the output?

I got it to work but with these commands, I adjusted it for NTP and port 123
https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns

I honestly don't know why it was ignoring the intercept... the rule is basically the same as my screenshot except there is no internal port in the new rule.

It would be nice for future users if you define in clear text exactly what changes you made compared to the start setup. Your link isn't really pointing to anything directly involved in your settings.

You can also fine-tune your rule to only use UDP. NTP usually never uses TCP.

Sure, firewall config, adjusted to only use UDP:

config redirect 'ntp_int'
        option name 'Intercept-NTP'
        option src 'lan'
        option src_dport '123'
        option proto 'udp'
        option family 'any'
        option target 'DNAT'

Or from command line:


uci set firewall.ntp_int="redirect"
uci set firewall.ntp_int.name="Intercept-NTP"
uci set firewall.ntp_int.src="lan"
uci set firewall.ntp_int.src_dport="123"
uci set firewall.ntp_int.proto="udp"
uci set firewall.ntp_int.family="any"
uci set firewall.ntp_int.target="DNAT"
uci commit firewall
service firewall restart
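A way to confirm from a LAN client that the redirect above is in effect, as an added example that is not part of the original posts: it sends an NTP query to 192.0.2.1, a documentation address (RFC 5737) assumed to host no NTP server, so a reply can only come from the intercepting router. The function names are this example's own, and it assumes the router's NTP server is enabled.

```python
import socket
import struct

# Assumption of this example: 192.0.2.1 (RFC 5737 TEST-NET-1) hosts no NTP
# server, so any reply to a query sent there was produced by the redirect.
PROBE_ADDR = "192.0.2.1"
NTP_PORT = 123

def build_request() -> bytes:
    """48-byte client query: LI=0, VN=4, Mode=3, all other fields zero."""
    return struct.pack("!B47x", (4 << 3) | 3)

def parse_response(data: bytes) -> dict:
    """Decode the header fields that identify the answering server."""
    if len(data) < 48:
        raise ValueError("NTP packet shorter than 48 bytes")
    flags, stratum, _poll, _prec, _delay, _disp, ref_id = struct.unpack(
        "!BBbbII4s", data[:16])
    if flags & 0x07 != 4:
        raise ValueError("not a server-mode (4) reply")
    return {"version": (flags >> 3) & 0x07, "stratum": stratum,
            "ref_id": ref_id}

def probe(addr: str = PROBE_ADDR, timeout: float = 3.0):
    """Return the parsed reply, or None if nothing answered (no intercept)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_request(), (addr, NTP_PORT))
            data, _peer = sock.recvfrom(512)
        except OSError:  # timeout or network unreachable
            return None
    try:
        return parse_response(data)
    except ValueError:
        return None

if __name__ == "__main__":
    reply = probe()
    if reply is None:
        print("no reply: NTP to", PROBE_ADDR, "is not being redirected")
    else:
        print("redirect active, answered by stratum", reply["stratum"],
              "server, ref_id", reply["ref_id"].hex())
```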

I use the ntp server as well and have noticed on more than one device it stops responding after a while even though the process is there with no errors.

A daily ntp restart has solved it for me.

It'll be interesting to see if you have that issue as well.

You mean it stops responding on the OpenWrt side and you restart ntpd there?

Yes that's correct.

Can't say I've noticed that (yet)...
