SNTP

FabFab10 · September 30, 2013, 9:59am

Hello , i have an x86 machine which is working as firewall to protect one of my networks. I have some SNTP clients inside this network that need to sync their time to an external server. I’ve tried to create a filter rule to allow UDP port 123 but i’m not able to do this. Is it because routeros has NTP package installed as server an client?
my last attempt of this rule is:
;;; NTP protocol
chain=forward action=accept protocol=udp src-address=192.168.4.0/24
in-interface=ether2

ether2 is my internal NIC

thanks in advance for any suggestion

janisk · September 30, 2013, 10:44am

NTP server and client installed on RouterOS does not interfere with NTP requests that are handled over the router.

You can check wiki.mikrotik.com for details on how to configure the firewall. Also,there are good recommendations on how to set it up.

FabFab10 · September 30, 2013, 1:55pm

I found this way to make it work, using masquerade just on that port:

;;; Masquerade NTP NAT
chain=srcnat action=masquerade protocol=udp src-address=192.168.4.0/24
dst-port=123

I just want to know if this way is correct or introduces some risks.

Thanks