What's new

YazFi YazFi - Allow NTP only

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

yster

New Around Here
Hello to everyone, long-time lurker, first time poster - please be gentle!
I tried to find the answer for my question for days before posting, but to no avail, so here goes:

I have a Synology NAS with a cloud-based D-Link camera for which I made a guest network with no Internet access.
Everything works fine but the camera is quite limited in functionality (for the sake of D-Link getting your data I assume) and relies on Internet connection to sync time (with an offset of 2hrs anyway).
As a result, everytime the camera is restarted, the time overlay starts with 2020/01/20 - 00:00:00, which kind of defeats the purpose of storing footage.

Apparently, the Synology Surveillance Station cannot pose as NTP server for the camera either, due to the limits mentioned above.

Since I am no expert on routing via terminal and do not want to make a complete mess out of my rather safe home network:

Is there a way to open just the NTP port(s) for the guest network, without the fear of finding my house on insecam.org?
Alternatively, is there a way to "tell" the camera on the guest network to look for NTP data on the router?

Thank you in advance!
 
YazFi already is supposed to allow NTP traffic to the router from YazFi guest clients. Per the YazFi Github: https://github.com/jackyaz/YazFi
Feature expansion of guest WiFi networks on AsusWRT-Merlin, including, but not limited to:
  • Dedicated VPN WiFi networks
  • Separate subnets for organisation of devices
  • Restrict guests to only contact router for ICMP, DHCP, DNS, NTP and NetBIOS
  • Allow guest networks to make use of pixelserv-tls (if installed)
  • Allow guests to use a local DNS server
  • Extend DNS Filter to guest networks
One can enable an NTP server within the Asus Merlin interface and force the router to intercept NTP client requests. See Administration > System > Basic Config.
asusmerlinntp.jpg


There is also a separate add-on by Jack Yaz for NTP that provides more features and options than the Asus Merlin's NTP server.

If one continues to have issues with NTP requests from the YazFi guest WiFi clients not reaching the local LAN, one can setup custom firewall rules for YazFi to allow certain network traffic through to the local LAN. See the Custom Firewall Rules section at the YazFi Github link above. If I remember right NTP uses port 123.

To set the NTP server on the Camera itself one will have to consult with their camera's administration page or it's user manual to see if the camera allows for the user to manually set the NTP server to a custom value.
 
Thanks @bennor! I forgot to mention that I would like to route NTP requests only for the said network, as running a local NTP server on the router resulted in more pain than gain.

I assumed that a custom firewall rule could be made, but the YazFi documentation is scarce and as mentioned before, I am no expert, so I have no idea how to properly open a forward of NTP to the device, without exposing it to the internet completely.

To set the NTP server on the Camera itself one will have to consult with their camera's administration page or it's user manual to see if the camera allows for the user to manually set the NTP server to a custom value.

This is hardly possible, there is a way to manipulate the HW but involves some actual hardware hacking. Not worth the time nor effort.
 
Thanks @bennor! I forgot to mention that I would like to route NTP requests only for the said network, as running a local NTP server on the router resulted in more pain than gain.

I assumed that a custom firewall rule could be made, but the YazFi documentation is scarce and as mentioned before, I am no expert, so I have no idea how to properly open a forward of NTP to the device, without exposing it to the internet completely.



This is hardly possible, there is a way to manipulate the HW but involves some actual hardware hacking. Not worth the time nor effort.
A search for past YazFi and NTP discussions in this subforum turned up the following similar discussion that may or may help.

 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top