Custom firmware build for R7800 v. 1.0.2.72SF

Thank you @Voxel for the custom firmware. I have used custom firmwares in the past on other routers, mainly DD-WRT. However since buying the Netgear R7800 I have pretty much used the Netgear stock firmware. I came across the Voxel custom firmware after doing some research regarding a problem I am experiencing with the stock Netgear firmware. Hoping the Voxel firmware would resolve the problem, I applied it. Unfortunately after applying the custom Voxel firmware the issue is not resolved. I can say though that performance so far with the Voxel custom firmware does seem to be improved, especially with the web interface.

Now on to the problem I am having and why I decided to try the Voxel firmware to begin with. Basically I am unable to use NTP services on any devices in my network. This includes on the router itself. When the router tries to set time via NTP, whether the Netgear NTP server or a custom NTP server, I get the error message:

Warning:The router has failed to connect to the selected NTP server,please check your internet connectivity or try another NTP server.

After a lot of research, I came across the following thread that fully explains the problem that is occurring:

https://forums.att.com/t5/AT-T-Fibe...11ea82ec01f40a240610&source=EC1NAT10600aff12A

I have AT&T fiber, I am using DMZPlus, and I have the affected modem in question so I am having the problem discussed in the thread. Basically the problem is that AT&T is blocking port 123 which NTP uses:

https://about.att.com/sites/broadband/network

This normally would not be a problem, assuming that the router's NAT translation uses an ephemeral port for the reply instead of reusing port 123. However it looks like the Netgear routers, including the R7800, do not do this and instead request the reply to come via port 123. Since port 123 is blocked, NTP services do not work. I did connect a PC directly to the modem bypassing the Netgear R7800 modem and confirmed that the issue went away.

There are posts in the first thread on how to fix in some type of routers, but most are for higher end or non-consumer routers. I can't find a fix for the Netgear R7800. The issue is also mentioned in the following post:

https://community.netgear.com/t5/Ni...d-time-sync-issue-behind-AT-amp-T/m-p/1229317

The poster mentions that Netgear provided him a "special firmware" to fix the problem but obviously the fix has not made it into one of the publicly released firmwares. I am not holding my breath on Netgear releasing any updated firmwares soon, if ever, which is what led me to start looking for alternate firmwares and finding the Voxel firmware. Would I be able to do some configurations via Telnet that would fix this issue and/or can a fix be implemented in a future Voxel firmware?

FYI I am pretty technical but advanced networking and working in Linux are not my strengths. However I am pretty good at following instructions so if anyone does have any suggestions I will be happy to try.
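
An added diagnostic, not part of the original post: it sends one SNTP request from an ephemeral source port and one from source port 123, so the failure described above (replies to port 123 dropped before they reach the router) can be confirmed from a LAN machine. The default server name `pool.ntp.org`, the function names and the verdict wording are assumptions of this example.

```python
import socket
import struct
import sys

NTP_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

def build_request():
    """48-byte SNTP client request: LI=0, VN=4, Mode=3."""
    return bytes([0x23]) + bytes(47)

def parse_reply(data):
    """Return the server transmit time as Unix seconds; ValueError if invalid."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    if data[0] & 0x07 != 4:
        raise ValueError("not a server-mode reply")
    seconds, fraction = struct.unpack("!II", data[40:48])
    if seconds == 0:
        raise ValueError("zero transmit timestamp")
    return seconds - NTP_DELTA + fraction / 2**32

def query(server, src_port=0, timeout=3.0, dst_port=123):
    """One request from src_port (0 = ephemeral). Unix time, or None if no valid reply."""
    dest = (socket.gethostbyname(server), dst_port)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("0.0.0.0", src_port))  # port 123 needs root and no local NTP daemon
        s.sendto(build_request(), dest)
        try:
            data, peer = s.recvfrom(512)
            # Ignore datagrams that do not come from the server we asked.
            return parse_reply(data) if peer == dest else None
        except (socket.timeout, ValueError):
            return None

def verdict(ephemeral_ok, port123_ok):
    """Classify the two probe results."""
    if ephemeral_ok and not port123_ok:
        return "replies to port 123 are dropped upstream; NAT must rewrite the source port"
    if ephemeral_ok and port123_ok:
        return "NTP works from both source ports; no port-123 filtering seen"
    if port123_ok:
        return "only source port 123 works; unusual, re-run the test"
    return "no NTP replies at all; check server name, DNS and general connectivity"

if __name__ == "__main__":
    server = sys.argv[1] if len(sys.argv) > 1 else "pool.ntp.org"
    eph = query(server) is not None
    try:
        p123 = query(server, src_port=123) is not None
    except OSError as exc:  # bind refused: not root, or port already in use
        sys.exit("cannot bind UDP 123: %s" % exc)
    print("ephemeral:", eph, "| port 123:", p123)
    print(verdict(eph, p123))
```

UDP is lossy, so run it two or three times before trusting a single failed probe.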
 
I have AT&T fiber, I am using DMZPlus, and I have the affected modem in question so I am having the problem discussed in the thread. Basically the problem is that AT&T is blocking port 123 which NTP uses:

https://about.att.com/sites/broadband/network

Man, that sucks!

I have two separate fiber ISPs coming into my condo; AT&T being one of them and the other is a local ISP.

I am so glad I did not sign up with AT&T! Actually, it was a no brainer to use the local ISP since they beat AT&T in terms of everything. And the local ISP does not block any ports.

Anyway, I hope you get the NTP port 123 issue resolved.
 
Well honestly besides this issue and not offering true bridge mode (the DMZPlus setting I mentioned is some type of quasi bridged but not true bridge mode), my service with them has been great. I rarely have outages and when I do they are pretty responsive.
 
Have you tried the Kamoj add-on?
It has an alternative time sync implemented.
Just a thought...

I have not. As mentioned I am new to this firmware and went through this whole entire thread today to learn more about it. I have not gotten through threads from previous firmware versions (that would be a lot of reading!) I did see Kamoj add-ons mentioned but was not sure what they were. Is there a link somewhere I can read more about them and how to get them installed? Also would the add on just fix the time sync problem on the router or on all the devices trying to use NTP on my network?
 
Kamoj information add-on V4 for Netgear R7800 X4S and R9000 X10 (Temperatures a.o.)
 

Thank you for the info. I got everything installed and working. It looks like the router did perform a successful time sync:

NTP synchronized OK: 2019-12-11 18:03:12: Boot sequence: 34+ seconds. Time then synchronized after 18 seconds. Synch indicators: (F)

However the time sync through the GUI still does not work and time sync on all of the other devices on my network are also not working. :( In other words the Kamoj add-ons did not resolve my problem (although the add-ons are very cool!)
 
@kamoj ^^
 
I think the results I am seeing are expected. The Kamoj add on just synchronizes the time on the actual router using an alternate method - it does nothing to fix the underlying port translation problem that exists when other devices are trying to use NTP and port 123.
 
Or I should say the underlying problem that the router does not use port masquerading when NTP and port 123 are being used.
 
FYI I am pretty technical but advanced networking and working in Linux are not my strengths. However I am pretty good at following instructions so if anyone does have any suggestions I will be happy to try.
Thank you for the info. I got everything installed and working. It looks like the router did perform a successful time sync
it does nothing to fix the underlying port translation problem that exists when other devices are trying to use NTP and port 123.

What I would do in such a situation (just hints, sorry):

1. Install own NTP server from Entware
https://www.voxel-firmware.com/Downloads/Voxel/html/entware.html

2. Try to intercept port "123" requests and redirect them to your router LAN IP by iptables. My thread with Selective Parental Control with redirection of port 53 as an example:
https://www.snbforums.com/threads/selective-parental-control-in-my-build-of-firmware.54815/

3. Or alternative method w/o using iptables e.g. adding your LAN router IP to the "hosts" file in etc directory, replacing real ip of NTP servers for example:

192.168.1.1 pool.ntp.org
192.168.1.1 time.windows.com
. . .


4. Or something like this with dnsmasq config adding your own lines (red) by post-mount.sh script such as:

# Filter what we send upstream
domain-needed
bogus-priv
localise-queries
no-negcache
cache-size=4096
strict-order
address=/pool.ntp.org/192.168.1.1
address=/time.windows.com/192.168.1.1

. . .


But all this requires some self-studying of iptables/entware/dnsmasq, my post-mount.sh and firewall-start.sh special scripts, etc.

Voxel.
 
Thanks for the suggestions @Voxel. There are problems with each solution though:

1. I actually already did this by setting up an NTP server on one of my Windows machines that is always up. First problem though is that the actual NTP server may have issues syncing time with an outside NTP server. Second problem is that my NTP server somehow broke. I have not troubleshot or fixed it yet and instead was looking for alternative solutions to running my own NTP server. Third problem is this only accounts for devices where I can change what NTP server the device uses. For some devices like IoT devices I may not be able to redirect to what NTP server it uses.

2. This is an interesting solution but would it require that I add a rule for every single device on the network? I have a lot of devices (e.g. a lot of smart light switches) and adding a rule for every device would be quite cumbersome. I just checked in my router and I have 79 devices connected in my network (besides the main R7800 I also have a couple of wired WAPs to handle the load). Is there some way I can add a "universal" rule for all devices? In other words any requests for port 123 to always be redirected to my internal NTP server regardless of what device it comes from?

3. This would work for devices where I can modify the hosts file but won't work for devices where I can't (IoT devices, game consoles, etc.)

4. For this I would need to figure out what NTP server my IoT and other non-configurable devices are using, assuming they are using a name and not just a hard coded IP address.

The real solution would be for the router to properly use port masquerading and a dynamic ephemeral port for the reply back from the NTP server. Unfortunately it does not seem like there is a way I can configure this on an R7800, or at least not a way that I know how to.
 
I actually already did this by setting up an NTP server on one of my Windows machines that is always up.

I mean that your NTP server should be your router. If it is working already after kamoj add-on. If not:

https://community.netgear.com/t5/Orbi/Orbi-unable-to-update-time-v1-8-0-6/m-p/1249306

you just should change the file /etc/init.d/ntpclient using this port: 1238 instead of 123.

This is an interesting solution but would it require that I add a rule for every single device on the network?

Of course not. The example is just an example. A universal solution is preferable IMO. For all of your devices you should intercept port 123 without being MAC-specific. My Parental Control "53" is selective (depends on MAC). Your "123" should be common for all devices, not using a concrete MAC. Google how to (iptables)... I would try this way first of all. Sorry, but I really have no time to emulate your problem and to issue step-by-step instructions...


Voxel.
 
R7800 user here and I just installed voxel xx.72 firmware on my router and wanted to thank you, voxel, for all the hard work you do. I am a developer myself and can't imagine how people like you find time to do these great open source projects. You guys have a significant positive impact on the world.

I have been on stock firmware until now but this Black Friday I decided to build a home server (Debian OS) and I expected to use WOL over the internet by forwarding ports 7 and 9 to the internal broadcast network address. After doing some research I found out that this would be a very bad idea from a security standpoint: Smurf attack and all... So I needed a way to ssh in to a device (preferably the router) and send a magic packet through the device, but stock firmware doesn't support ssh and I am glad I found Voxel's R7800 firmware supports ssh.

Like I mentioned before, I just installed Voxel's firmware, so I didn't get a chance to play around with it. I was wondering if someone in this forum had any experience with a similar use case to mine to give me some tips and save me some time :) thanks!
 
Ok thanks for the help and clarification Voxel. I didn't realize the Kamoj add ons added an NTP server. I will give your suggestions a try and report. Thanks again for the great firmware and all of the help!
 
Hello everyone I am on V1.0.2.72SF on a 7800 and want to know the best way to accomplish my goals

I would like to move my Smart Switches and alarm panel to their own network. I want to do this because I have read that many IoT devices have poor security
I would like to isolate my guest network from the main network but allow read only access to a folder on a USB stick attached to the router. The folder will be writable from any device on the main network.

Can I do this with the Voxel firmware?
 
What device do you want to read the attached drive? A Fire TV or some kind of streaming device?
 
I have been using NTP redirect for some time already. The following needs to be added to /etc/rc.local:

iptables -t nat -I PREROUTING -i br0 -p udp --dport 123 -j DNAT --to router.LAN.IP.address

(although haven't tested it on your FW)
 
What device do you want to read the attached drive? A Fire TV or some kind of streaming device?

I sometimes have people drop off their system for virus/malware removal and Windows updates. My wife has friends who for religious reasons won't use the internet and share photos over USB sticks that get infected. I want to be able to run my cleaners from a network location but not allow them to infect it.
 
