Kandyman (Aspirant)
Nov 19, 2020
NTP issues when Orbi (RBR50) is in Router mode
I have AT&T Uverse with an AT&T Pace 5268AC gateway. My RBR50 is set up in router mode. It is in the DMZ of the gateway (DMZPlus mode so all traffic is directed to it) and has a public IP address. Essentially, everything works well except NTP.
With this setup, none of my devices can sync time from any internet time server. Not even the RBR50 itself.
If I bypass the RBR50 and plug a device directly into the AT&T gateway and it gets a NAT IP address from the gateway, it is able to sync time from any time server that I specify (e.g. pool.ntp.org, time.windows.com, etc.). Similarly, if I change the RBR50 to AP mode rather than router mode, so that NAT'ing is done by the AT&T gateway, NTP works.
I did a lot of online searching and found that AT&T apparently blocks UDP 123 (which NTP uses) but it is not a problem when NAT is handled by the AT&T gateway. It also appears that if you are using your own router, you can avoid the problem by masquerading your outbound UDP 123 traffic to a different port number - see https://community.ui.com/questions/ATandT-Fiber-service-blocks-NTP-123-udp-outbound-Anyway-around-this/a0e90b20-591d-4224-a721-f53966262775.
I tried futzing with iptables on the RBR50. I added a nat POSTROUTING rule which masquerades outbound port 123 to another port. I was able to get the RBR50 itself to time sync with my rule in place, but could not get it to work for devices behind the RBR50. But that really doesn't matter now because for some reason, any rules I add to iptables somehow get deleted after a few minutes.
So, my questions are:
- Are others experiencing the NTP problem when their RBR50 is in Router mode?
- Is it a known issue or "feature" that iptables changes are automatically removed, or am I missing something?
Thanks.
An update for anyone who may run into this. After posting here, I remembered that I had an AT&T Arris NVG599 in my parts bin. I took it out, reset it, and configured it in "Passthrough" mode for my RBR50. Guess what - NTP has been working since, and I have kept my RBR50 in router mode.
So, FURRYe38, you were correct about it being an ISP/gateway issue. The AT&T Pace 5268AC gateway was the problem.
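Added example, not part of the original post and not NETGEAR or AT&T tooling: a small Python probe for the question raised above, namely whether NTP fails only when the request leaves from UDP source port 123. `probe`, `diagnose` and the result labels are names chosen for this example; it assumes any NAT between the test machine and the ISP leaves the source port unchanged.

```python
import socket
import struct
import sys

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def build_request():
    """48-byte SNTP client request: LI=0, VN=4, Mode=3 (client)."""
    return bytes([0x23]) + bytes(47)

def parse_reply(data):
    """Return (mode, stratum, unix_time) from an NTP packet."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    secs, frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return data[0] & 0x07, data[1], secs - NTP_EPOCH_OFFSET + frac / 2**32

def probe(server, src_port=0, dst_port=123, timeout=3.0):
    """Send one request from src_port (0 = ephemeral); True if a server reply arrives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("", src_port))         # port 123 needs root and no local NTP daemon
        s.connect((server, dst_port))  # only accept replies from this server
        try:
            s.send(build_request())
            return parse_reply(s.recv(512))[0] == 4  # mode 4 = server
        except (OSError, ValueError):  # timeout, ICMP unreachable, bad packet
            return False

def diagnose(reply_from_123, reply_from_ephemeral):
    """Classify the two probe results (labels are this example's own)."""
    if reply_from_123 and reply_from_ephemeral:
        return "ok"
    if reply_from_ephemeral:
        return "src-123-filtered"   # remapping the source port should help
    if reply_from_123:
        return "inconclusive"       # unexpected; repeat the test
    return "ntp-unreachable"        # nothing gets through to port 123 at all

if __name__ == "__main__":
    server = sys.argv[1] if len(sys.argv) > 1 else "pool.ntp.org"
    try:
        from_123 = probe(server, src_port=123)
    except OSError as exc:  # not root, or port 123 already in use
        sys.exit(f"cannot bind source port 123: {exc}")
    print(server, diagnose(from_123, probe(server)))
```

A single lost UDP packet also shows up as "no reply", so repeat the run a few times before trusting a `src-123-filtered` result.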
13 Replies
- FURRYe38 (Guru - Experienced User)
Would be an ISP modem issue. Nothing on the Orbi that you can change to fix this.
Something to ask your ISP about. Also your Modem may need to be updated. I believe the PACE is superseded by the Arris BGW-210 if your ISP supports it.
Something you can review and try:
Orbi NTP works fine for me. Though I'm on cable and have a cable modem.
- Kandyman (Aspirant)
I don't agree that this is a modem issue. By putting the RBR50 in DMZPlus mode on the gateway, I am essentially bypassing the gateway/modem. The RBR50 has a public IP address so its traffic is going out directly. Besides, if it was a modem issue, why does NTP work when I take the RBR50 out of the picture, leaving only the modem? The issue is AT&T blocking UDP 123, and *maybe* the RBR50 not masquerading traffic on that port to something else (which presumably the AT&T modems do). This would not be a big deal if the changes I make to iptables on the RBR50 would stick.
- FURRYe38 (Guru - Experienced User)
Maybe, however DMZPlus has been known NOT to be an actual DMZ or to give full public address abilities, thus still causing problems.
NTP works on the MODEM since it's the main host router and you connect there. Having the RBR50 behind the modem in router mode also causes a double NAT issue. The DMZ should help with this, however it may still be causing problems.
NTP works on the RBR. If it didn't then there would be many more users posting about it. I know I would. ;)
What you're seeing is mostly the ISP modem's mishandling of passing requested traffic through the DMZ in the double NAT condition. If the modem supported full bridge mode, then this problem would be solved, however ATT modems don't support that option.
- CrimpOn (Guru - Experienced User)
Kandyman wrote: I have AT&T Uverse with an AT&T Pace 5268AC gateway. My RBR50 is set up in router mode. It is in the DMZ of the gateway (DMZPlus mode so all traffic is directed to it) and has a public IP address. Essentially, everything works well except NTP.
With this setup, none of my devices can sync time from any internet time server. Not even the RBR50 itself.
If I bypass the RBR50 and plug a device directly into the AT&T gateway and it gets a NAT IP address from the gateway, it is able to sync time from any time server that I specify (e.g. pool.ntp.org, time.windows.com, etc.). Similarly, if I change the RBR50 to AP mode rather than router mode, so that NAT'ing is done by the AT&T gateway, NTP works.
Could you comment on the reason to put the Orbi in the gateway DMZ rather than put the gateway into Bridge Mode?
(I did not watch all the way to the end, but the guy in this video seems pretty confident)
https://www.youtube.com/watch?v=3Q0Q2alkzcY
When the Orbi is put into AP mode, it is NOT in the DMZ, correct?
And, yes, I believe you are correct that Orbi periodically rewrites the iptables. There is third party firmware for the RBR50 that I believe does not, and also has a method to automatically create iptables when the router is rebooted.
http://www.voxel-firmware.com/Downloads/Voxel/html/orbi.html
- FURRYe38 (Guru - Experienced User)
That's not "bridge mode", just the use of DMZ as a WAN traffic pass through that's supposedly unfiltered. ATT Modems don't support actual bridge mode.
- CrimpOn (Guru - Experienced User)
FURRYe38 wrote: That's not "bridge mode", just the use of DMZ as a WAN traffic pass through that's supposedly unfiltered. ATT Modems don't support actual bridge mode.
This time, I did watch the video all the way to the end. Yes, indeed. He has confused "bridge mode" with DMZ.
What I wonder, however, is why this person appears to think that any router will function in this setup.
Surely he would have noticed if NTP totally failed on his router or any device connected to his router? If no device can get NTP to work, then this is totally unusable.
NTP is the subject of this thread, not "bridge mode vs. DMZ". Did he do something (like when he disabled checking for "router behind router") that makes NTP work?
- FURRYe38 (Guru - Experienced User)
And yes, short term solution is to run the Orbi in AP mode until the modem problem can be resolved.
Might try this and see:
https://community.netgear.com/t5/Orbi/Netgear-Orbi-and-ATT-Pace-5268-Router/m-p/1786833/highlight/true#M68004