ntpMerlin - NTP Daemon for AsusWRT Merlin

Well, NAT Acceleration is not necessary if you have a slow connection, but you may suffer if you have a top tier connection and you disable it.

I forgot to mention that I removed "tos maxdist 16" from my ntp.conf after disabling the LAN switches.

I have FIOS 100 Mbps up/down. I've done a bunch of speed tests from various devices on subnets on my network and I haven't seen any degradation in speeds. I also haven't noticed any difference in CPU loads.
 
I forgot to mention that I removed "tos maxdist 16" from my ntp.conf after disabling the LAN switches.

I have FIOS 100 Mbps up/down. I've done a bunch of speed tests from various devices on subnets on my network and I haven't seen any degradation in speeds. I also haven't noticed any difference in CPU loads.
Yeah, you wouldn't notice anything unless you had much higher speeds.
 
Ntpmerlin is a great script, I love the ability to be able to customize ntp.conf. And the graphs to show the setup.
 
I continued trying to figure out why my network required "tos maxdist 16" to get ntpd to sync. Even with that setting, ntpd would very frequently switch peers - but at least it would stay synced. Finally, I disabled everything in "LAN - Switch Control". Before, I had everything enabled. Now ntpd syncs right up and is quite stable. Not sure why I had enabled all of those features to begin with...
My guess is Jumbo Frames although I cannot explain why, anecdotally, it is so problematic.
 
Ntpmerlin is a great script, I love the ability to be able to customize ntp.conf. And the graphs to show the setup.

Yes it is thanks to Jack Yaz for making it so easy to install and kvic for the early development.

The thing I love about it is that you can use ntpq -p to see what's going on and in particular "NTP Time Server Monitor by Meinberg 1.04" which shows at a glance how everything is running.

Time Server Monitor Capture 20190531.JPG



To my knowledge you can't do that with the stock ntp?

Question regarding the color in the graphs - the offset shows in yellow but the jitter shows in grey. Any way to change the jitter to say red?
 
I forgot to mention that I removed "tos maxdist 16" from my ntp.conf after disabling the LAN switches.

I have FIOS 100 Mbps up/down. I've done a bunch of speed tests from various devices on subnets on my network and I haven't seen any degradation in speeds. I also haven't noticed any difference in CPU loads.

After a bunch more experimentation, enabling CTF was causing my ntpd problems. Not sure why exactly, but I'm not seeing any performance difference with it off.
 
After a bunch more experimentation, enabling CTF was causing my ntpd problems. Not sure why exactly, but I'm not seeing any performance difference with it off.

There is no difference because your wan speed is not fast enough yet.

I believe you need a > 500 Mbps connection before you will notice it.
 
has anybody figured out what is causing ntp merlin to lose its "redirect option" on the prerouted traffic?
Code:
NTP_Redirect(){
    case $1 in
        create)
            iptables -t nat -D PREROUTING -p udp --dport 123 -j DNAT --to "$(nvram get lan_ipaddr)" 2>/dev/null
            iptables -t nat -A PREROUTING -p udp --dport 123 -j DNAT --to "$(nvram get lan_ipaddr)"
            Auto_DNSMASQ create 2>/dev/null
        ;;
        delete)
            iptables -t nat -D PREROUTING -p udp --dport 123 -j DNAT --to "$(nvram get lan_ipaddr)"
            Auto_DNSMASQ delete 2>/dev/null
        ;;
    esac
}
the iptables -t nat -D PREROUTING -p udp --dport 123 -j DNAT --to "$(nvram get lan_ipaddr)" 2>/dev/null -----in the create option.
should possibly be coded as a second option or maybe a append only if needed style
 
has anybody figured out what is causing ntp merlin to lose its "redirect option" on the prerouted traffic?
Code:
NTP_Redirect(){
    case $1 in
        create)
            iptables -t nat -D PREROUTING -p udp --dport 123 -j DNAT --to "$(nvram get lan_ipaddr)" 2>/dev/null
            iptables -t nat -A PREROUTING -p udp --dport 123 -j DNAT --to "$(nvram get lan_ipaddr)"
            Auto_DNSMASQ create 2>/dev/null
        ;;
        delete)
            iptables -t nat -D PREROUTING -p udp --dport 123 -j DNAT --to "$(nvram get lan_ipaddr)"
            Auto_DNSMASQ delete 2>/dev/null
        ;;
    esac
}
the iptables -t nat -D PREROUTING -p udp --dport 123 -j DNAT --to "$(nvram get lan_ipaddr)" 2>/dev/null -----in the create option.
should possibly be coded as a second option or maybe a append only if needed style
Uptime 12 days 20 hours 1 minute(s) 27 seconds

Rules still intact:
Code:
admin@RT-AC86U:/tmp/home/root# iptables -t nat -S | grep 123
-A PREROUTING -p udp -m udp --dport 123 -j DNAT --to-destination 10.14.16.1

-D -A/-I is an accepted practise. While you could -C to see if the rule exists, there is little to no difference.

My advice is to try and check regularly, and catch whatever is in syslog that might be causing it
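
A stricter form of the periodic rule check suggested in this thread, as an added example that is not part of any post here and is not ntpMerlin's own code. The function names and the sample rule sets are assumptions made for illustration; it matches `--dport 123` as a token instead of a bare `grep 123`, and accepts both the DNAT and the REDIRECT rule shapes quoted on this page.

```shell
#!/bin/sh
# Added example (not ntpMerlin code). Function names are hypothetical.

# Read `iptables -t nat -S` output on stdin and print every PREROUTING rule
# that intercepts UDP port 123 via DNAT or REDIRECT. Matching "--dport 123"
# as a whole token avoids the false hits of a bare `grep 123`, which also
# matches addresses such as 10.14.123.5 or ports such as 1230.
ntp_redirect_rules() {
    awk '
        $1 == "-A" && $2 == "PREROUTING" {
            udp = 0; port = 0; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p" && $(i+1) == "udp") udp = 1
                if ($i == "--dport" && $(i+1) == "123") port = 1
                if ($i == "-j") target = $(i+1)
            }
            if (udp && port && (target == "DNAT" || target == "REDIRECT")) print
        }'
}

# Exit 0 if at least one interception rule is present, 1 otherwise.
ntp_redirect_present() {
    [ -n "$(ntp_redirect_rules)" ]
}

# Constructed sample rule sets; only 10.14.16.1 appears in the thread.
SAMPLE_OK='-P PREROUTING ACCEPT
-A PREROUTING -p udp -m udp --dport 123 -j DNAT --to-destination 10.14.16.1
-A PREROUTING -i br0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.14.123.5'
SAMPLE_MISSING='-P PREROUTING ACCEPT
-A PREROUTING -i br0 -p tcp -m tcp --dport 1230 -j DNAT --to-destination 10.14.123.5:80'

# On the router (run from cron, for example):
#   iptables -t nat -S | ntp_redirect_present || logger -t ntp-check "NTP redirect rule missing"
```

Logging the moment the rule disappears gives a timestamp to line up against the rest of syslog.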
 
I saw one guy said it might be related to changes inside miniupnpd. Wouldn't it be better to place the option inside firewall-start vs nat-start?
 
I saw one guy said it might be related to changes inside miniupnpd. Wouldn't it be better to place the option inside firewall-start vs nat-start?
I've just forced miniupnpd to restart (service restart_upnp seems to do it), and no changes. In any case, I've just pushed a hotfix that adds a sleep inside ntpmerlin when called from nat-start, to adopt best practise for nat-start calls
 
Uptime 12 days 20 hours 1 minute(s) 27 seconds

Rules still intact:
Code:
admin@RT-AC86U:/tmp/home/root# iptables -t nat -S | grep 123
-A PREROUTING -p udp -m udp --dport 123 -j DNAT --to-destination 10.14.16.1

-D -A/-I is an accepted practise. While you could -C to see if the rule exists, there is little to no difference.

My advice is to try and check regularly, and catch whatever is in syslog that might be causing it
When you run iptables -t nat -S | grep 123 with Merlin's built-in server, it uses

Code:
-A PREROUTING -i br0 -p udp -m udp --dport 123 -j REDIRECT --to-ports 123
-A PREROUTING -i br0 -p tcp -m tcp --dport 123 -j REDIRECT --to-ports 123

what is the main difference???
 
@RMerlin what is the cleanest way to restart things after setting the below nvram please? By clean, I mean that ntpd from the firmware will be stopped and the redirect iptables rules removed
Code:
nvram set ntpd_enable=0
nvram set ntpd_server_redir=0
 
How about
Code:
iptables -t nat -S | grep 123

Code:
NTP_Redirect(){
    case $1 in
        create)
            # If any nat rule mentions 123, delete the old redirect before re-adding it
            if iptables -t nat -S | grep 123 > /dev/null 2>&1
            then
                iptables -t nat -D PREROUTING -p udp --dport 123 -j DNAT --to "$(nvram get lan_ipaddr)" 2>/dev/null
                iptables -t nat -A PREROUTING -p udp --dport 123 -j DNAT --to "$(nvram get lan_ipaddr)"
                Auto_DNSMASQ create 2>/dev/null
            else
                # Nothing matched, so only append the redirect
                iptables -t nat -A PREROUTING -p udp --dport 123 -j DNAT --to "$(nvram get lan_ipaddr)"
                Auto_DNSMASQ create 2>/dev/null
            fi
        ;;
        delete)
            iptables -t nat -D PREROUTING -p udp --dport 123 -j DNAT --to "$(nvram get lan_ipaddr)"
            Auto_DNSMASQ delete 2>/dev/null
        ;;
    esac
}
 
How about
Code:
iptables -t nat -S | grep 123

Code:
NTP_Redirect(){
    case $1 in
        create)
            # If any nat rule mentions 123, delete the old redirect before re-adding it
            if iptables -t nat -S | grep 123 > /dev/null 2>&1
            then
                iptables -t nat -D PREROUTING -p udp --dport 123 -j DNAT --to "$(nvram get lan_ipaddr)" 2>/dev/null
                iptables -t nat -A PREROUTING -p udp --dport 123 -j DNAT --to "$(nvram get lan_ipaddr)"
                Auto_DNSMASQ create 2>/dev/null
            else
                # Nothing matched, so only append the redirect
                iptables -t nat -A PREROUTING -p udp --dport 123 -j DNAT --to "$(nvram get lan_ipaddr)"
                Auto_DNSMASQ create 2>/dev/null
            fi
        ;;
        delete)
            iptables -t nat -D PREROUTING -p udp --dport 123 -j DNAT --to "$(nvram get lan_ipaddr)"
            Auto_DNSMASQ delete 2>/dev/null
        ;;
    esac
}
What problem does this solve? It's not a case of -D firing and not the -A (causing the rules to go missing)
 
I am for the notion that the only reason it would be missing from the iptables is if the script deleted it. And not because it didn't fire up on a reboot.
 
@RMerlin what is the cleanest way to restart things after setting the below nvram please? By clean, I mean that ntpd from the firmware will be stopped and the redirect iptables rules removed
Code:
nvram set ntpd_enable=0
nvram set ntpd_server_redir=0

Code:
service restart_time
service restart_firewall
 
