Rob Kimberley wrote:
> Does anyone have recommendations for an ADSL Wireless Router that I can
> manually set the NTP Server address on? My Belkin unit comes pre-configured
> with external server addresses. I want to use my own one here (Meinberg
> LanTime), as doing some tests on NTP jitter over wireless, and want all PCs
> and Router to be taking time from same source.
>
> Cheers
>
> Rob Kimberley
>
>

Routers generally do not do NTP in any way, shape, or form! They don't
need to know the time! Expensive professional level (Cisco) routers can
act as NTP servers or clients but using them in that way is not
recommended. There have been a couple of moderately infamous
exceptions; e.g. Netgear and D-Link. (Google for Netgear and Wisconsin
or D-Link and PHK)

If what you want is for the router's built in DHCP server to provide an
NTP server address it may be possible but I don't know of a router that
does that. The DHCP protocol does allow a query for an NTP server
address so it should be possible. It's possible that a router might
forward such a request and the reply. I don't know of one that does;
I've been using the same clunky old LinkSys BEFSR81 for many years now
and haven't looked at the consumer router market lately.

"Richard B. Gilbert" wrote in message
news:474DA691.9030407@comcast.net...
> Rob Kimberley wrote:
>> Does anyone have recommendations for an ADSL Wireless Router that I can
>> manually set the NTP Server address on? My Belkin unit comes
>> pre-configured with external server addresses. I want to use my own one
>> here (Meinberg LanTime), as doing some tests on NTP jitter over wireless,
>> and want all PCs and Router to be taking time from same source.
>>
>> Cheers
>>
>> Rob Kimberley
>>
>>
>
> Routers generally do not do NTP in any way, shape, or form! They don't
> need to know the time! Expensive professional level (Cisco) routers can
> act as NTP servers or clients but using them in that way is not
> recommended. There have been a couple of moderately infamous exceptions;
> e.g. Netgear and D-Link. (Google for Netgear and Wisconsin or D-Link and
> PHK)
>
> If what you want is for the router's built in DHCP server to provide an
> NTP server address it may be possible but I don't know of a router that
> does that. The DHCP protocol does allow a query for an NTP server address
> so it should be possible. It's possible that a router might forward such
> a request and the reply. I don't know of one that does; I've been using
> the same clunky old LinkSys BEFSR81 for many years now and haven't looked
> at the consumer router market lately.

I checked the Help File on my Belkin, which gave the following:-
Time and Time Zone
The Router keeps time by connecting to a Simple Network Time Protocol (SNTP)
server. This allows the Router to synchronize the system clock to the global
Internet. The synchronized clock in the Router is used to record the
security log and control client filtering. Select the time zone that you
reside in. If you reside in an area that observes Daylight Saving, then
place a checkmark in the box next to "Enable Daylight Saving". The system
clock may not update immediately. Allow at least 15 minutes for the router
to contact the time servers on the Internet and get a response. You cannot
set the clock yourself.

The last sentence is the problem - I want to manually set.

In article <474DA691.9030407@comcast.net>,
Richard B. Gilbert wrote:
> ...
>Routers generally do not do NTP in any way, shape, or form! They don't
>need to know the time!

Not to perform routing functions perhaps but many (most?) have an
event log which would greatly benefit from having an accurate
timestamp.

--
-- Rod --
rodd(at)polylogics(dot)com

Rob Kimberley wrote:
> "Richard B. Gilbert" wrote in message
> news:474DA691.9030407@comcast.net...
>
>>Rob Kimberley wrote:
>>
>>>Does anyone have recommendations for an ADSL Wireless Router that I can
>>>manually set the NTP Server address on? My Belkin unit comes
>>>pre-configured with external server addresses. I want to use my own one
>>>here (Meinberg LanTime), as doing some tests on NTP jitter over wireless,
>>>and want all PCs and Router to be taking time from same source.
>>>
>>>Cheers
>>>
>>>Rob Kimberley
>>>
>>>
>>
>>Routers generally do not do NTP in any way, shape, or form! They don't
>>need to know the time! Expensive professional level (Cisco) routers can
>>act as NTP servers or clients but using them in that way is not
>>recommended. There have been a couple of moderately infamous exceptions;
>>e.g. Netgear and D-Link. (Google for Netgear and Wisconsin or D-Link and
>>PHK)
>>
>>If what you want is for the router's built in DHCP server to provide an
>>NTP server address it may be possible but I don't know of a router that
>>does that. The DHCP protocol does allow a query for an NTP server address
>>so it should be possible. It's possible that a router might forward such
>>a request and the reply. I don't know of one that does; I've been using
>>the same clunky old LinkSys BEFSR81 for many years now and haven't looked
>>at the consumer router market lately.
>
>
> I checked the Help File on my Belkin, which gave the following:-
> Time and Time Zone
> The Router keeps time by connecting to a Simple Network Time Protocol (SNTP)
> server. This allows the Router to synchronize the system clock to the global
> Internet. The synchronized clock in the Router is used to record the
> security log and control client filtering. Select the time zone that you
> reside in. If you reside in an area that observes Daylight Saving, then
> place a checkmark in the box next to "Enable Daylight Saving". The system
> clock may not update immediately. Allow at least 15 minutes for the router
> to contact the time servers on the Internet and get a response. You cannot
> set the clock yourself.
>
> The last sentence is the problem - I want to manually set.
>
>

Buy a different router! Or talk to the vendor about a custom version of
the firmware (EXPENSIVE!!!).

Why do you feel that your router needs to know the time?

Rob Kimberley wrote:
> Does anyone have recommendations for an ADSL Wireless Router that I can
> manually set the NTP Server address on? My Belkin unit comes pre-configured
> with external server addresses. I want to use my own one here (Meinberg
> LanTime), as doing some tests on NTP jitter over wireless, and want all PCs
> and Router to be taking time from same source.
>

Exactly what IP addresses are being used for NTP Servers? We don't need
another DDOS attack on the NTP Servers.

Danny

>>> In article , "Rob Kimberley" writes:

Rob> Does anyone have recommendations for an ADSL Wireless Router that I can
Rob> manually set the NTP Server address on?

When I care about things like that and do not like the stock firmware, I get
a unit that will accept the openwrt.org firmware.

When I need "even more" than that, I am (currently working on) using
nanobsd.

I have also sometimes used m0n0wall. I gave up on pfSense.

H

Rod Dorman wrote:
> In article <474DA691.9030407@comcast.net>,
> Richard B. Gilbert wrote:
>
>> ...
>>Routers generally do not do NTP in any way, shape, or form! They don't
>>need to know the time!
>
>
> Not to perform routing functions perhaps but many (most?) have an
> event log which would greatly benefit from having an accurate
> timestamp.
>

Maybe the more expensive and/or more modern routers do. Mine does not.
It keeps a log that I sometimes look at just for the amazement value!
The amazement comes from the number of people probing my address
repeatedly and without success. It does not timestamp this log.

My router, a LinkSys BEFSR81, also acts as a firewall and does not allow
any incoming connection that is not a response to an outgoing request.

There is no point to timestamping the log. I can't do anything about
the thousands of probes I get daily. My ISP might but I doubt if they
care enough. If they did, I would probably have to pay them ten to a
hundred times what I do.

Now if I were operating a server (prohibited by my contract with
Comcast) I might spring for a more expensive/more capable router. . . .

>Routers generally do not do NTP in any way, shape, or form! They don't
>need to know the time!

That's misleading.

Routers often include anti-spam/abuse mechanisims which get logged.
It helps if the time stamps on the log files are correct. It's easier
to get that if the router itself uses NTP rather than depending
upon some operator to set the time correctly.

At least some routers include (S)NTP clients. Some of them are buggy.

Here is a good summary:
http://en.wikipedia.org/wiki/NTP_ser...suse_and_abuse


--
These are my opinions, not necessarily my employer's. I hate spam.

>Why do you feel that your router needs to know the time?

Log files for security incidents.

--
These are my opinions, not necessarily my employer's. I hate spam.

On Nov 28, 11:34 am, "Richard B. Gilbert"
wrote:
> They don't
> need to know the time!

Many routers absolutely DO need accurate time, for security logging
purposes. Since almost every "router" of any type (consumer or
professional) offers firewall functionality, accurate tiem stamps are
requried for logging.

Hi Rob,

Rob Kimberley wrote:
> Does anyone have recommendations for an ADSL Wireless Router that I can
> manually set the NTP Server address on? My Belkin unit comes
> pre-configured with external server addresses. I want to use my own one
> here (Meinberg LanTime), as doing some tests on NTP jitter over wireless,
> and want all PCs and Router to be taking time from same source.

As already mentioned in some other replies here the router's NTP server
configuration will (and should be) used to synchronize the router's system
time. I bet you won't even be able to use the router as an (S)NTP server.

If you have a laptop then you probably can connect it to your router either
via cable, or via WLAN.

If your LANTIME is also on your internal network you should configure ntpd
on your laptop to synchronize to the LANTIME.

First connect your laptop via cable and see how ntpd synchronizes. Then
disconnect the cable and connect via WLAN. The router should let your
laptop access the LANTIME either ways, so you can try both and compare how
the offset and jitter figures reported by "ntpq -p" (or in the loopstats)
develop over time.

I'd appreciate to see the results.

Martin
--
Martin Burnicki

Meinberg Funkuhren
Bad Pyrmont
Germany

Ryan Malayter wrote:
> On Nov 28, 11:34 am, "Richard B. Gilbert"
> wrote:
>
>>They don't
>>need to know the time!
>
>
> Many routers absolutely DO need accurate time, for security logging
> purposes. Since almost every "router" of any type (consumer or
> professional) offers firewall functionality, accurate tiem stamps are
> requried for logging.

My LinkSys BEFSR81 logs all the attempts it blocks but without time
stamps since it doesn't have any facilities for keeping time.

If I did get time stamps, what would I do with them? There is nothing
whatever that I can do about the attempts to get into my network except
run a router/firewall that blocks them.

If what these people are doing were actionable, there might be some
point. AFAIK it's not and even if it were, it would be impractical for
me to track down the perpetrators and haul them into court. As long as
nobody succeeds in a break-in attempt, I'm not going to worry about it.

>When I care about things like that and do not like the stock firmware, I
get
>a unit that will accept the openwrt.org firmware.

+1 for OpenWRT! I installed it on a Dell Truemoble 2300 router I got off
eBay for ~$10. The hardware is more or less identical to the Linksys WRT54G,
just much cheaper to buy secondhand.

Anyhow, I have a lot of various packages running on it, including NTPD which
acts as my time source for all machines on the LAN. The Windows SNTP client
is much happier to sync to a LAN source than trying to sync over the net and
just spits back an error saying it can't sync. My little router is even
serving on the NTP Pool @ 1.5Mb/s.

Since my router is always on, (and uses very little power) it makes more
economic sense to run NTP on it than a regular PC.

Jason Rabel wrote:
> +1 for OpenWRT! I installed it on a Dell Truemoble 2300 router I got
> off eBay for ~$10. The hardware is more or less identical to the
> Linksys WRT54G, just much cheaper to buy secondhand.

Ah, but can you wire a PPS (?) GPS to it?-)

rick jones
--
firebug n, the idiot who tosses a lit cigarette out his car window
these opinions are mine, all mine; HP might not want them anyway...
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

On Nov 29, 9:09 am, "Richard B. Gilbert"
wrote:

> My LinkSys BEFSR81 logs all the attempts it blocks but without time
> stamps since it doesn't have any facilities for keeping time.
>
> If I did get time stamps, what would I do with them? There is nothing
> whatever that I can do about the attempts to get into my network except
> run a router/firewall that blocks them.
>
> If what these people are doing were actionable, there might be some
> point. AFAIK it's not and even if it were, it would be impractical for
> me to track down the perpetrators and haul them into court. As long as
> nobody succeeds in a break-in attempt, I'm not going to worry about it.

A few years ago, we noticed port scanning in our firewall logs coming
from another company. We have them the time range and the IP
addresses, and they were able to track it down and stop it.

Also, companies that accept credit cards mey be required by PCI-DSS to
maintain time-stamped firewall logs for at least a year. There are a
great many small businesses that accept credit cards which might also
have a wireless router/firewall on the interent.

My basic point: time-stamped logs do often contain actionable
information, and are often required by industry or governmental
regulations in many cases. They also make good sense, as thay can help
correlate network events for debugging purposes.

Replying to message

> Does anyone have recommendations for an ADSL Wireless Router that I can
> manually set the NTP Server address on? My Belkin unit comes pre-configured
> with external server addresses. I want to use my own one here (Meinberg
> LanTime), as doing some tests on NTP jitter over wireless, and want all PCs
> and Router to be taking time from same source.


I think I implemented something similar to what you want to accomplish.

I put the wireless router behind my gateway (a NetBSD box) and used IP
redirection to override the router's hardcoded attempts to connect to an
external NTP server.

It was rather straightforward. I set up some ipf rules to accept and log
outgoing requests on UDP port 123, then used ipmon to capture the
information and figure out the address the wireless router attempts to
connect to. Then, I put the following line in /etc/ipnat.conf:

rdr re1 209.81.9.7/32 port 123 -> 127.0.0.1 port 123 udp

With this configuration, my wireless router no longer connects to the
outside world. My own gateway's NTP server provides the answers.

--
Pierre Dubuc
pldubuc@yahoo.ca