NTP, or Network Time Protocol, is a protocol used to synchronize the clocks of computers on a network. NTP uses UDP port 123. In order to allow NTP traffic through your firewall, you will need to create a rule that allows traffic on UDP port 123.
To open ports on your router for NTP, you have to follow step-by-step instructions mentioned below:
What Is NTP & Why Port Forward It?
The Network Time Protocol (NTP) synchronizes clocks across devices, using a hierarchical stratum-based model from atomic or GPS clocks to everyday clients. Proper time sync is critical for logging, security (e.g., TLS, Kerberos), scheduled tasks, and distributed systems.
You might forward NTP when:
- Hosting an internal NTP server and allowing external machines (branch offices, IoT) to sync.
- Exposing a more accurate local time source (e.g., GPS-clocked server).
- Supporting remote devices or services that need trusted time.
NTP Ports & Traffic Flow
NTP primarily operates over UDP port 123, though modern servers may also accept TCP 123. Typical communication uses client–server timestamps, helping correct for network delays PC.
| Protocol | Port | Direction | Purpose |
|---|---|---|---|
| UDP | 123 | Inbound + Outbound | Standard NTP time sync |
| TCP | 123 | Inbound (Optional) | Reliability-optimized NTP transfers |
Requirements to Port Forward NTP
Just before you begin with the process of port forwarding, make sure you have the following things:
- Downloaded and installed the NTP.
- The IP address of your router.
- IP address of your gaming device.
- TCP and UDP ports of NTP for your gaming device.
Step-by-step guide on how to port forward NTP
Now that you have the above details noted down, you can move to the next stage of NTP port forwarding:
- On your web browser address bar, type your router’s IP Address/Default Gateway.
- Log in with your router’s credentials (username and password) to view your router’s firmware settings.
- Navigate to the port forwarding section of your router.
- Click on Port Forwarding.
- Enter the IP address of your gaming device in your router in the correct box.
- Put the TCP and UDP ports of the NTP server in the boxes in your router. The default NTP port number is 123. And then click the apply button.
- And you’re done. Restart your router to let the changes take effect.
- Once your changes take effect, now you can connect to NTP.
DMZ vs Port Forwarding vs Triggering
| Method | Scope | Risk Level | Use Case |
|---|---|---|---|
| Port Forwarding | Single port (123) | Low | Expose NTP securely |
| DMZ | All ports to host | High | Troubleshoot or multiple services |
| Port Triggering | Dynamic ports | Medium | Uncommon for NTP |
Recommended: Use UDP 123 port forwarding exclusively. Only use DMZ or triggering if forwarding doesn’t work due to network restrictions.
How to Open Ports Behind CGNAT
What if your ISP performs CGNAT? Most ISPs perform CGNAT (Carrier-grade Network Address Translation) to conserve bandwidth and assign a single IP address to multiple users connected to the same internet network. However, CGNAT makes it difficult for you to open ports on the router.
To get around the CGNAT issue, you can use the Port Forwarding add-on to bypass this problem and port forward routers without hassle.
Here’s more information on how to use PureVPN’s Port Forwarding add-on and bypass CGNAT in a few clicks.
PureVPN’s Port Forwarding Add-on
To most people, port forwarding is quite a demanding task. For starters, every router has a different console, which often makes it difficult to navigate to specific settings.
Secondly, you won’t always be able to open NTP ports on your router if your ISP restricts the ports. Yes, you heard that right! ISPs are notorious for blocking ports due to security reasons. If ISP isn’t the reason behind a blocked port, then perhaps it could be your operating system’s firewall.
Well, you can make all these problems go away and enjoy smooth online gaming on all your desired systems with PureVPN’s Port Forwarding add-on. Through the Port Forwarding add-on, you can allow all ports, disallow all ports, and allow specific ports.
Frequently Asked Questions
Forward both internal and external port 123 (UDP) to your internal NTP server’s static IP via your router’s port‑forward settings. Optionally forward TCP 123 if supported. Test externally using ntpdate -q or port scanners. Secure with access controls and updated NTP software.
NTP uses bi‑directional UDP port 123. According to the NTP RFC, clients send requests from source port 123 and expect replies to come back to port 123. On stateful firewalls, outbound packets automatically open the return path. However, on stateless or manually configured firewalls, you must explicitly allow incoming UDP traffic on port 123, so replies from both external NTP servers and your clients can flow correctly.
PureVPN
July 24, 2025
3 months ago