Community discussions

MikroTik App
 
Spartacus
Member Candidate
Member Candidate
Topic Author
Posts: 132
Joined: Thu Apr 19, 2018 6:38 pm

NTP-Server does not work

Wed Aug 22, 2018 3:28 pm

Hi,
I would like to sync my local mashines (different networks) with the RB3011. I setup the NTP-Server service, but the clients do not sync.

/system ntp server
set broadcast=no enabled=yes manycast=yes multicast=no
NTP-Server for the clients is the GW-Address of the Subnet. (e.g. Network:172.16.30.0: GW and NTP-Server: 172.16.30.1)

What is additional necessary to use the RB3011 as NTP-Server?
Regards,
Christian
 
pe1chl
Forum Guru
Forum Guru
Posts: 6674
Joined: Mon Jun 08, 2015 12:09 pm

Re: NTP-Server does not work

Wed Aug 22, 2018 4:55 pm

You need to setup NTP-Client with other servers in your network or on the internet that provide the RB3011 with correct time.
 
Spartacus
Member Candidate
Member Candidate
Topic Author
Posts: 132
Joined: Thu Apr 19, 2018 6:38 pm

Re: NTP-Server does not work

Wed Aug 22, 2018 5:06 pm

Hi,
thanks for your answer,
but I have configured I"P Cloud ->Update Time". This means that RB3011 has the correct time. This is not the reason for sync issues. Seems to be that the cliend do not find the NTP-Server on my network.
Maybe I have to enter some FW rules?

Christian
 
pe1chl
Forum Guru
Forum Guru
Posts: 6674
Joined: Mon Jun 08, 2015 12:09 pm

Re: NTP-Server does not work

Wed Aug 22, 2018 5:40 pm

Hi,
thanks for your answer,
but I have configured I"P Cloud ->Update Time". This means that RB3011 has the correct time. This is not the reason for sync issues. Seems to be that the cliend do not find the NTP-Server on my network.
Maybe I have to enter some FW rules?

Christian
IP cloud update time does not provide sync for the NTP server. And it usually provides very inaccurate time.
The NTP server only synchronizes using the NTP client. It should indicate status "synchronized" (after some time).
You should not require special firewall rules when you have the usual "established / related" rule on your input firewall.
It may be that your ISP filters NTP because they believe it can be used for DDoS attack, but an NTP server on your internal network should always work.
Of course for your clients to use the NTP server, there has to be a rule that allows traffic to UDP port 123 in input. However, usually ALL input is allowed for the local network.
 
Spartacus
Member Candidate
Member Candidate
Topic Author
Posts: 132
Joined: Thu Apr 19, 2018 6:38 pm

Re: NTP-Server does not work

Wed Aug 22, 2018 9:48 pm

Hi,
thanks for clarification. I´ve setup the NTP Client and I can see that NTP-Client on RB is synchronited. But client cannot sync.

RB IP 172.16.1.1
My subnet with the NTP-Client is 172.16.30.0/24.
IP requested via DHCP, GW is 172.16.30.1

NTP-Config on the client is 172.16.30.1. and I can see in the logile this message:
systemd-timesyncd[525]: Timed out waiting for reply from 172.16.30.1:123 (172.16.30.1)
Seems to be that the NTP-Server cannot be found.

FW-Rule (172.16.1.0/24 and 172.16.30.0/24 are members of VlanFriends)
add action=accept chain=forward comment=\
    "Allow inter VLAN communication with VLAN friends" dst-address-list=\
    VlanFriends in-interface-list=LAN src-address-list=VlanFriends
Any ideas?

Christian
 
pe1chl
Forum Guru
Forum Guru
Posts: 6674
Joined: Mon Jun 08, 2015 12:09 pm

Re: NTP-Server does not work

Wed Aug 22, 2018 9:53 pm

You need a chain=input rule because this packet is input to the router, not forwarded.
 
Spartacus
Member Candidate
Member Candidate
Topic Author
Posts: 132
Joined: Thu Apr 19, 2018 6:38 pm

Re: NTP-Server does not work

Wed Aug 22, 2018 10:32 pm

Hi,
this rule seems to be working :D
add action=accept chain=input comment="Allow LAN NTP queries-UDP" dst-port=123  in-interface-list=LAN protocol=udp
Christian

Who is online

Users browsing this forum: Sob and 39 guests