carlos1800
just joined
Topic Author
Posts: 2
Joined: Fri Jun 10, 2022 4:09 pm

ntp server

Fri Jun 10, 2022 5:17 pm

Hi,

On RouterOS 7.2.3, I'm having trouble setting up an NTP server. As far as I can tell, the NTP packets are arriving from the client at the Mikrotik (see log entry below), but it seems like the Mikrotik doesn't do anything (or the packet doesn't reach the ntpd), and I can't get any logging info from the ntpd (see ntp logging settings below).

Any advice?
Regards:
C.

The data/parameters of the systems are shown below.

ip addresses:
ntp client 192.168.226.13
ntp server 192.168.226.1 (this IP is bound to a VLAN interface)

/system/ntp/server/print
enabled: yes
broadcast: no
multicast: no
manycast: no
broadcast-addresses:
use-local-clock: yes
local-clock-stratum: 5
auth-key: none

/system/ntp/client/print
enabled: yes
mode: unicast
servers: de.pool.ntp.org
freq-drift: -6.156 PPM
status: synchronized
synced-server: de.pool.ntp.org
synced-stratum: 2
system-offset: -0.64 ms

firewall filter:
chain=input action=accept protocol=udp in-interface=all-vlan dst-port=123 log=yes log-prefix="NTP"

log entry:
NTP input: in:vlan-voip out:(unknown 0), src-mac 00:08:5d:32:dd:33, proto UDP, 192.168.226.13:1160->192.168.226.1:123, len 76

ntp logging settings:
/system/logging/print
7 ntp memory
debug
packet
 
mkx
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: ntp server

Fri Jun 10, 2022 9:14 pm

Use of in-interface=all-vlan in firewall rule looks suspicious to me. Try to set it to particular vlan interface you're testing with to see if it works then. Use of "all-<something>" interfaces does cause some random problems here and there ...
If you want to create firewall rule which works for multiple interfaces, then manually create interface list and use in-interface-list= property.
 
carlos1800
just joined
Topic Author
Posts: 2
Joined: Fri Jun 10, 2022 4:09 pm

Re: ntp server

Mon Jun 13, 2022 12:02 am

> Use of in-interface=all-vlan in firewall rule looks suspicious to me. Try to set it to particular vlan interface you're testing with to see if it works then. Use of "all-<something>" interfaces does cause some random problems here and there ...
> If you want to create firewall rule which works for multiple interfaces, then manually create interface list and use in-interface-list= property.

I'm using the all-vlan interface list as a troubleshooting setting. Originally the traffic is enabled only on a specific VLAN.

In either case, the packet arrives at the Mikrotik device (see log entry), and after that, nothing happens.

On a Linux system I would check the binding of the ntpd, turn on the troubleshooting of the ntpd, and go from there, but on RouterOS I don't have these tools available, or at least I don't have the experience/knowledge to do this, even after reading the docs.

For example, how should I know if the ntpd is listening on an interface? Is it listening on all interfaces? Does it listen on VLAN interfaces? Or only on physical interfaces?

Any advice on that?
 
mkx
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: ntp server

Mon Jun 13, 2022 12:10 pm

AFAIK in ROS NTP server listens on all interfaces that have L3 setup (e.g. IP address), at least there isn't a specific setting for that, so it's up to firewall (chain=input) to restrict access. IIRC there are some problems when interface has multiple IP addresses set (NTP server replies with default IP address instead of the one used for forward packets), but I guess this is not the problem in your case.

For testing purposes I'd simply unset the in-interface property on the firewall rule. I'm not sure how such changes in configuration translate into actual device behaviour, so a router reboot might be necessary.

Since you didn't post full config of firewall ... make sure you have the usual "accept established,related" firewall rule for chain=input in place ... without it, it might happen that connections don't work as intended.
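
One way to check from the client side whether the NTP server answers at all, as an added example that is not part of the original thread: a Python probe that sends one client request, reports a timeout as `None`, and otherwise decodes the reply header, including the address the reply came from (relevant to the multiple-IP behaviour mentioned above). The function names and dict keys are this example's own; the default target is the server address from the first post.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)

def build_request(version=4):
    """48-byte client request: LI=0, VN=version, Mode=3 (client)."""
    pkt = bytearray(48)
    pkt[0] = (version << 3) | 3
    # Transmit timestamp (bytes 40-47); the server echoes it in its Originate field.
    now = time.time() + NTP_EPOCH_DELTA
    struct.pack_into("!II", pkt, 40, int(now), int((now % 1) * 2**32))
    return bytes(pkt)

def parse_reply(data, request):
    """Decode the header fields needed to judge whether the server is usable."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    li, vn, mode = data[0] >> 6, (data[0] >> 3) & 7, data[0] & 7
    stratum = data[1]
    info = {"leap": li, "version": vn, "mode": mode, "stratum": stratum,
            "origin_matches": data[24:32] == request[40:48]}
    # Stratum 0 is a Kiss-o'-Death; the reference ID then holds an ASCII code (e.g. RATE).
    info["kiss_code"] = data[12:16].decode("ascii", "replace") if stratum == 0 else None
    secs, frac = struct.unpack_from("!II", data, 40)
    info["server_unix_time"] = secs - NTP_EPOCH_DELTA + frac / 2**32
    # Mode 4 is a server reply; LI=3 means the server's own clock is unsynchronized.
    info["usable"] = (mode == 4 and li != 3 and 1 <= stratum <= 15
                      and info["origin_matches"])
    return info

def probe(host, port=123, timeout=3.0):
    """Return the parsed reply, or None when nothing usable comes back on the wire."""
    request = build_request()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(request, (host, port))
            data, addr = s.recvfrom(512)
        except OSError:  # timeout, ICMP unreachable, or no route to the server
            return None
    info = parse_reply(data, request)
    info["reply_from"] = addr[0]  # differs from host if the server answers from another IP
    return info

if __name__ == "__main__":
    print(probe("192.168.226.1"))  # server address from the first post
```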
