NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
ORBI - Port 443 Closed even with Port Forwarding?
I have an RBR50 connected to an AT&T modem/router with IP passthrough.
Synology web server is connected to the Orbi.
Port Forwarding is enabled for 80 and 443 between Orbi and Synology. However port 443 says closed if I try to run a test using a port checker on the web. Synology also indicates its showing closed.
AT&T is not blocking any inbound traffic to 443 so it's on the Orbi side. Any ideas?
Solution discovered:
I have AT&T as a service provider for Fiber; formerly I also had their U-Verse service with wireless receivers/DVR's.
Come to find out AT&T does block Port 443 for any inbound traffic. They specifically use this port for their wireless receivers/DVR's. Despite cancelling U-Verse last year, the IP/MacID of these services were still listed/cached in the AT&T modem/router which resulted in a permanent closure on Port 443.
SOLUTION FOR USERS WITH A SIMILAR ISSUE (assuming you do not have wireless receivers and just ATT fiber):
1. Login to ATT's modem router admin portal at 192.168.1.254
2. Click on Device>Device List>Clear and Rescan for Devices.
3. Perform a factory reset of the AT&T BGW210 modem/router, add port forwarding rules for allowed ports, then re-configure it for IP Passthrough to the Orbi again.
4. Apply or disable any additional settings needed for a secure network hosted by ATT or the Orbi.
This is probably a good solution for anyone with the following or similar equipment:
- At&t Arris bgw210-700
- Orbi
- Home NAS
7 Replies
> Synology web server is connected to the Orbi.
I know nothing about your "Synology web server". Does it support
HTTPS?> Port Forwarding is enabled for 80 and 443 between Orbi and Synology.
> [...]If you say so, but, with my weak psychic powers, I can't see your
actual port-forwarding rule(s). Or any IP address reservations. Or
what you're doing.> [...] port 443 says closed [...]
But not port 80?
> [...] Synology also indicates its showing closed.
"it's"? "Synology" the corporation, or some (unspecified) "Synology"
device, or what, exactly, "indicates" what, exactly, how, exactly?
It might be helpful if you described actual events in the real world,
rather than providing your interpretation of what you believe a bunch of
invisible stuff really means.For the usual problems with port forwarding, see:
https://community.netgear.com/t5/x/x/m-p/1859106
"3" sounds potentially applicable.
Why are you doing this? Whatever this thing really is, do you want
to expose it, on standard ports, to the whole Internet?I agree it would be helpful to know the specific model of Synology device (there are SO many) and the intended purpose.
When I began searching for "access synology server remotely", the first thing that popped up was something very similar to Orbi Anywhere Access: https://www.howtogeek.com/346744/how-to-remotely-access-your-synology-nas-using-quickconnect/
This apparently does not require opening any ports through the router.
This reference mentions forwarding port 5006:
From my brief experiments with port forwarding, the Orbi appears to do exactly what it is told. The two obstacles that I encountered were:
- When the upstream device is also a router and blocks the port. It is possible to surmount this issue by creating port forwarding rules on both routers, but complicated.
- When the receiving device does not accept connections. Windows Firewall, for example, has separate rules for 'local' and 'remote' connections. Does Synology have a similar firewall configuration?
Q: I know nothing about your "Synology web server". Does it support
HTTPS?Yes and the personal website domain I am hosting with it has SSL encryption enabled. I can access the domain externally (via standard port 80, unencrypted) or while connected to my local network via port 80 (unencrypted) and 443 (encrypted). However, external inbound through port 443 does not work when I run a port scan at https://www.grc.com/. My ISP has confirmed they are not blocking any inbound to any ports so the problem seems to be on the Netgear ORBI side.
Q: If you say so, but, with my weak psychic powers, I can't see your
actual port-forwarding rule(s). Or any IP address reservations. Or
what you're doing.All forwarding rules are established.
Port forwarding can be a challenge. (Not having a Synology NAS) I did an experiment just now with my Epson printer, which has a built-in web server (doesn't almost everything now days?) It can be reached by both port 80 (http) and port 443 (https). When I connect to port 443 from the local LAN, my browsers throw a fit over the "self signed certificate" and hide the option to "go there anyway" in small print.
I then created a Port Forwarding rule: TCP port 443 to 192.168.1.4 (my printer). Click Apply.
Disconnecting my smartphone from the Orbi, I opened https://<my public IP>:443. Chrome(Anddroid phone) immediately threw up the same roadblock: "Self signed SSL cert". After selecting to go ahead, the Epson web page appeared, exactly the same as on the local LAN.
So, my assertion is that the Orbi does support forwarding port 443 to a device on the local LAN. As long as the device is accepting connections from the internet, "it works".
I see three possibilities for port forwarding to (any) port not working:
- There is a router in front of the Orbi which is not forwarding the port. Since Gibson Research reports port 80 open, this would not seem to be the case. And, you have verified that the Orbi has a public IP address on the WAN port (not a private IP address it would have gotten from an ISP device.)
- There is a typo in the port forwarding rule. (UDP instead of TCP. Wrong IP address for the Synology NAS. Forgetting to click "Apply")
- The NAS is not accepting connections from the internet.
Do you have some other device on the local network that acceepts connections over port 443? (a printer such as mine? some other web server?) See if port 443 will forward to that device.
