v6.24.7
I've installed the ntp package, and (hopefully correctly) configured the ntp server properly:
Code:
[admin@MikroTik] /system ntp server> print
enabled: yes
broadcast: yes
multicast: no
manycast: yes
broadcast-addresses: 192.168.1.0
Now I need to configure the firewall to allow systems on the LAN to see that server, so I added rule 8, which -- I hope -- accepts requests to udp port 123 from the 192.168.1.0 network. Nmap only shows ports 22, 80 and 2000 listening, but ntpq seems to show it's working. Which is right?
Code:
$ sudo nmap 192.168.1.1
Starting Nmap 7.50 ( https://nmap.org ) at 2018-09-05 18:34 CDT
Nmap scan report for 192.168.1.1
Host is up (0.0016s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
2000/tcp open  cisco-sccp
MAC Address: 6C:3B:6B:2F:7F:5C (Routerboard.com)
Nmap done: 1 IP address (1 host up) scanned in 0.37 seconds
Code:
$ sudo ntpq -np
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.1.1     .POOL.          16 p    -   64    0    0.000    0.000   0.000
 192.168.1.1     68.0.14.76       3 u   54   64    1    0.255   -0.737   0.000
Code:
[admin@MikroTik] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough

 1    ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp log=no log-prefix=""

 2    ;;; defconf: accept established,related
      chain=input action=accept connection-state=established,related log=no log-prefix=""

 3    ;;; defconf: drop all from WAN
      chain=input action=drop tcp-flags="" in-interface=ether1 log=no log-prefix="WANDrop "

 4    ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix=""

 5    ;;; defconf: accept established,related
      chain=forward action=accept connection-state=established,related log=no log-prefix=""

 6    ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid log=no log-prefix=""

 7    ;;; defconf: drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1 log=yes log-prefix="not_DSTNATed"

 8    chain=forward action=accept protocol=udp src-address=192.168.1.0 dst-address=192.168.1.1 src-port="" dst-port=123 log=no log-prefix=""
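
Nmap's default scan covers TCP ports only, so an NTP listener on UDP 123 does not appear in the scan output above even when ntpq gets answers. The following is an added example, not part of the original post: a small Python check that sends one NTP client request over UDP and decodes the header fields ntpq summarises. The function names and the sample reply are constructed for illustration; the address and refid are taken from the post.

```python
import socket
import struct

NTP_PORT = 123
NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01

def build_request(version=4):
    """48-byte client request: LI=0, VN=version, Mode=3 (client)."""
    return bytes([(version << 3) | 3]) + bytes(47)

def parse_response(data):
    """Decode the NTP header fields needed to confirm a server answered."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    flags, stratum = struct.unpack("!BB", data[:2])
    raw_refid = data[12:16]
    if stratum >= 2:   # over IPv4 the refid is the upstream server's address
        refid = socket.inet_ntoa(raw_refid)
    else:              # stratum 0/1 carry a short ASCII code instead
        refid = raw_refid.rstrip(b"\0").decode("ascii", "replace")
    tx_sec, tx_frac = struct.unpack("!II", data[40:48])
    return {
        "leap": flags >> 6,
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,       # 4 = server reply
        "stratum": stratum,
        "refid": refid,
        "transmit_unix": tx_sec - NTP_EPOCH_OFFSET + tx_frac / 2**32,
    }

def probe(host, timeout=2.0):
    """Return the parsed reply, or None if nothing answers on UDP 123."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_request(), (host, NTP_PORT))
            data, _ = s.recvfrom(512)
        except OSError:            # includes timeouts and ICMP port-unreachable
            return None
    return parse_response(data)

# Constructed sample reply (not captured traffic): mode 4, stratum 3,
# refid 68.0.14.76 as in the ntpq output above, remaining fields zeroed.
SAMPLE_REPLY = (bytes([(4 << 3) | 4, 3, 6, 0xE9]) + bytes(8)
                + socket.inet_aton("68.0.14.76") + bytes(24)
                + struct.pack("!II", 1536190440 + NTP_EPOCH_OFFSET, 0))

if __name__ == "__main__":
    print(parse_response(SAMPLE_REPLY))
    print(probe("192.168.1.1"))    # router address from the post
```

A `None` result from `probe` means no reply arrived within the timeout, which for UDP cannot distinguish a filtered port from a silent one.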