Force all devices to use your OpenWRT Router for NTP time synchronization.
I have some weird issues with IoT devices and NTP, and I also have some devices that I don't want talking to the Internet, so I have OpenWRT set up as an NTP server.
Before moving forward, make sure your OpenWRT router is an NTP server and not just an NTP client. To do this, log into your OpenWRT console, go to System, then System again, open Time Synchronization, and check Provide NTP Server.
Now go to Network, then Firewall, then Custom Rules, and add the lines below. The address 192.168.1.0 is my network IP range, and 192.168.1.1 is my OpenWRT IP, which is my NTP server.
If you have more than one IP range, add the same lines for each one with its own IP range and interface IP.
# Force NTP
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p udp --dport 123 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 123 -j DNAT --to 192.168.1.1
Another option is to have your DHCP server push your NTP settings to clients.
I also do this, but not all devices listen to this option.
In your OpenWRT console, go to Network, Interfaces, then go to LAN (or the interface you want to add this option to), then click Edit.
Go to DHCP Server, Advanced Settings and add the lines below. Each item needs to be added on its own line; the IP address 192.168.1.1 in the lines below would be your router's IP address. These new settings will not deploy automatically; they will be deployed the next time a device connects to DHCP, so if you want to force it, you might need to restart your network so all devices talk to DHCP again. This is also a great option for isolated networks so they at least have an NTP server to talk to.
4,192.168.1.1
42,192.168.1.1
DHCP Option 4 shouldn't be needed as it refers to an older time statement protocol that seems to no longer be in use. I'm not sure OpenWRT even implements this kind of time server. https://www.rfc-editor.org/rfc/rfc2132.html#section-3.6
DHCP Option 42 is the correct option to set NTP server as this is most common for time synchronization today. NTP Server is not enabled by default in OpenWRT and will need to be manually enabled and set with the 42 option. I wish this were enabled by default.
How would I go about this if my ntp server isn't on the router? My ntp server is on a raspberry pi and if I do this with changing the --to address for the raspberry, won't it effectively just create a loop where every device will ask the pi for time and the pi will try to ask itself as well?
Is there any way to exclude a single host from the iptables command?
edit: i don't rly understand the iptables command fully, but would this do the trick?
iptables -t nat -A PREROUTING -s 192.168.1.101 -p udp --dport 123 -j ACCEPT
iptables -t nat -A PREROUTING -s 192.168.1.101 -p tcp --dport 123 -j ACCEPT
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p udp --dport 123 -j DNAT --to 192.168.1.101
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 123 -j DNAT --to 192.168.1.101
where the 192.168.1.101 is the ntp server?
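
The custom-rules lines as one reusable function, covering both the multi-range case from the post and the case raised above where the NTP server is a separate host on the LAN. This is an added example, not code from the gist or its commenters; `force_ntp`, `IPT` and the 192.168.2.x addresses are hypothetical names and constructed values, and it assumes the separate NTP host sits in the same subnet as the clients it serves.

```shell
#!/bin/sh
# Added example (not from the original gist). POSIX sh, so it runs under ash.
# IPT defaults to a dry run that prints each rule; set IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

# force_ntp SUBNET SERVER [ROUTER_IP]
#   SUBNET     client range to redirect, e.g. 192.168.1.0/24
#   SERVER     address that should answer all NTP queries
#   ROUTER_IP  router's address inside SUBNET; pass it only when SERVER is a
#              separate host in that same subnet (assumption of this example)
force_ntp() {
    subnet=$1 server=$2 router=${3:-}
    lan_host=0
    [ -n "$router" ] && [ "$router" != "$server" ] && lan_host=1

    for proto in udp tcp; do   # the page redirects both; NTP itself uses UDP
        if [ "$lan_host" -eq 1 ]; then
            # Exempt the server's own upstream queries. ACCEPT ends traversal
            # of nat PREROUTING, so the DNAT rule below never sees them and
            # the server is not redirected back to itself.
            $IPT -t nat -A PREROUTING -s "$server" -p "$proto" --dport 123 \
                -j ACCEPT
        fi

        # Same redirect as on the page (--to-destination is the long form
        # of the page's --to).
        $IPT -t nat -A PREROUTING -s "$subnet" -p "$proto" --dport 123 \
            -j DNAT --to-destination "$server"

        if [ "$lan_host" -eq 1 ]; then
            # Hairpin fix: without this the server answers the client
            # directly from its own address, and the client, which queried
            # some other IP, discards the reply. Rewriting the source to the
            # router sends the reply back through the router's NAT state.
            $IPT -t nat -A POSTROUTING -s "$subnet" -d "$server" -p "$proto" \
                --dport 123 -j SNAT --to-source "$router"
        fi
    done
}

# The page's own setup: the router is the NTP server.
force_ntp 192.168.1.0/24 192.168.1.1
# Constructed second range whose NTP server is a LAN host (e.g. a Pi).
force_ntp 192.168.2.0/24 192.168.2.101 192.168.2.1
```

Run it once as shown to review the printed rules, then set `IPT=iptables` when placing it in Custom Rules.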