How to configure the GL.iNet router as an NTP server and redirect all LAN clients NTP request?

bruce · September 30, 2025, 11:49am

Hello,

This tutorial will guide you to set the router to NTP (network time synchronization) server and overwrite it to the LAN client's NTP service (Including the LAN port and WiFi clients) .

There is no need to change the NTP server configuration on all clients. As long as the client is connected to the router LAN port or main WiFi, when it needs to sync time, it will be responded by the router's NTP server and provide the time sync service.

SSH to router
Check whether the router system time is correct:

date

# If the time is not sync, you can trigger it manually:
/etc/init.d/sysntpd restart

Enable NTP server of router:

uci set system.ntp.enable_server='1'
uci commit system
/etc/init.d/sysntpd restart

Using the help of firewall rules, all NTP requests from listening to LAN clients are redirected to the NTP server of the router itself:

iptables -t nat -A PREROUTING -i br-lan -p udp --dport 123 -j DNAT --to-destination [Router LAN IP]:123

# Please use your router's actual LAN IP. 123 is a fixed NTP service port.
# For example, the router LAN IP of the NTP server is 192.168.8.1. 
iptables -t nat -A PREROUTING -i br-lan -p udp --dport 123 -j DNAT --to-destination 192.168.8.1:123

Check whether the firewall rule is added and whether the port is starting to listen:

iptables -t nat -L PREROUTING -v
netstat -uln | grep 123

Add the above firewall rule to /etc/rc.local, ensure the rule always takes effect after router restart:

sed -i '/^exit 0$/i iptables -t nat -A PREROUTING -i br-lan -p udp --dport 123 -j DNAT --to-destination 192.168.8.1:123' /etc/rc.local

Verify whether to obtain the time information of the NTP server of the router in Windows PowerShell (Arbitrary public IP/domain)

w32tm /stripchart /computer:www.google.com /dataonly /samples:3

w32tm /stripchart /computer:123.123.123.123 /dataonly /samples:3

-end

Banjer · October 1, 2025, 5:46am

Thanks! Works on my X3000. It would be nice if this was added to the firmware as on option in the gui.

mbg · October 1, 2025, 6:20am

By doing this, is the iptables rule visible in Luci Network Firewall Rules?

Banjer · October 1, 2025, 1:09pm

Just checked, it doesn't appear in the firewall overview in Luci as far as I can tell.

bruce · October 10, 2025, 10:45am

This feature may appeal to a smaller audience.
We will continue to collect user requirements and reassess its potential at a later stage.

Thanks!

jess · November 11, 2025, 2:37pm

Hello! FWIW, I would like to express my interest in this feature being made easier to access and configure from the GUI.

In the meantime, thank you for the guide! Seems to be working well on my network so far.

Narfie · November 12, 2025, 7:46am

I would also love to see this feature added to the GUI.

We buy at least 4 routers a year, and this feature would simplify our setup process a lot.

bruce · November 13, 2025, 6:23am

Hello,

Thank you for your feedback.

Since the limited number of users currently utilizing this feature, we do not have immediate plans to add it to the GL GUI.

We will continue to monitor the demand for this feature. Once it exceeds a certain volume, we will initiate an evaluation.

Thank you!

joakim · January 6, 2026, 8:56pm

I’ll add my vote for this feature. While the above guide works (thanks!), a GUI feature would be helpful.

bruce · January 8, 2026, 3:53am

Thanks for the suggestions.

Zurath · January 10, 2026, 7:08pm

Limited number of users is utilizing a feature that doesn’t exist? Genius deduction…

It must also require a tremendous amount of resources to add a feature that basically exists and only needs a few lines of code to appear in your GUI. Yet you can afford releasing more and more routers that have almost exactly identical specs and set of features, while people keep asking for the most basic features like this one for years. Talking about priorities. Among which customer satisfaction is nowhere to be seen.

Zurath · January 10, 2026, 7:08pm

On GL-BE3600 it doesn’t matter if this option is set, sysntpd doesn’t listen on port 123.

Zurath · January 10, 2026, 9:22pm

Because kernel apparently lacks CONFIG_SECURITY_CAPABILITIES that is required by /etc/init.d/sysntpd right here:

[ -x /sbin/ujail -a -e /etc/capabilities/ntpd.json ] && { procd_add_jail ntpd ubus procd_add_jail_mount "$HOTPLUG_SCRIPT" procd_add_jail_mount "/usr/share/libubox/jshn.sh" procd_add_jail_mount "/usr/bin/env" procd_add_jail_mount "/usr/bin/jshn" procd_add_jail_mount "/bin/ubus" grep -q CONFIG_CAPABILITIES /proc/config.gz || return procd_set_param capabilities /etc/capabilities/ntpd.json procd_set_param user ntp procd_set_param group ntp procd_set_param no_new_privs 1 }

bruce · January 12, 2026, 9:01am

Many thanks for this info.

Aashish.007 · January 12, 2026, 9:07am

Is this the same as NTP time in Luci Settings? There we have the option to serve as NTP server to lan hosts.

bruce · January 12, 2026, 9:12am

Sincerely apologize. We highly value every customer's requires and suggestions, and we have a complete internal evaluation process for every requires.

The reason for posting this guide is that we treat every request with care, we distilled it into a simple, quick guide so that users can achieve the desired feature with less time cost.

Given the current volume of requests, we have an internal assessment with the PM team, it will continue to monitor the number of user requests.

bruce · January 12, 2026, 9:14am

There is a slight difference: this is a redirection of NTP requests, meaning that no matter what NTP server the client uses, the NTP requests will be redirected by the router to the router’s own NTP server.