NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
ORBI - Port 443 Closed even with Port Forwarding?
I have an RBR50 connected to an AT&T modem/router with IP passthrough. Synology web server is connected to the Orbi. Port Forwarding is enabled for 80 and 443 between Orbi and Synology. Howev...
Solution discovered:
I have AT&T as a service provider for Fiber; formerly I also had their U-Verse service with wireless receivers/DVR's.
Come to find out AT&T does block Port 443 for any inbound traffic. They specifically use this port for their wireless receivers/DVR's. Despite cancelling U-Verse last year, the IP/MacID of these services were still listed/cached in the AT&T modem/router which resulted in a permanent closure on Port 443.
SOLUTION FOR USERS WITH A SIMILAR ISSUE (assuming you do not have wireless receivers and just ATT fiber):
1. Login to ATT's modem router admin portal at 192.168.1.254
2. Click on Device>Device List>Clear and Rescan for Devices.
3. Perform a factory reset of the AT&T BGW210 modem/router, add port forwarding rules for allowed ports, then re-configure it for IP Passthrough to the Orbi again.
4. Apply or disable any additional settings needed for a secure network hosted by ATT or the Orbi.
This is probably a good solution for anyone with the following or similar equipment:
- At&t Arris bgw210-700
- Orbi
- Home NAS
Q: I know nothing about your "Synology web server". Does it support
HTTPS?
Yes and the personal website domain I am hosting with it has SSL encryption enabled. I can access the domain externally (via standard port 80, unencrypted) or while connected to my local network via port 80 (unencrypted) and 443 (encrypted). However, external inbound through port 443 does not work when I run a port scan at https://www.grc.com/. My ISP has confirmed they are not blocking any inbound to any ports so the problem seems to be on the Netgear ORBI side.
Q: If you say so, but, with my weak psychic powers, I can't see your
actual port-forwarding rule(s). Or any IP address reservations. Or
what you're doing.
All forwarding rules are established.
Port forwarding can be a challenge. (Not having a Synology NAS) I did an experiment just now with my Epson printer, which has a built-in web server (doesn't almost everything now days?) It can be reached by both port 80 (http) and port 443 (https). When I connect to port 443 from the local LAN, my browsers throw a fit over the "self signed certificate" and hide the option to "go there anyway" in small print.
I then created a Port Forwarding rule: TCP port 443 to 192.168.1.4 (my printer). Click Apply.
Disconnecting my smartphone from the Orbi, I opened https://<my public IP>:443. Chrome(Anddroid phone) immediately threw up the same roadblock: "Self signed SSL cert". After selecting to go ahead, the Epson web page appeared, exactly the same as on the local LAN.
So, my assertion is that the Orbi does support forwarding port 443 to a device on the local LAN. As long as the device is accepting connections from the internet, "it works".
I see three possibilities for port forwarding to (any) port not working:
- There is a router in front of the Orbi which is not forwarding the port. Since Gibson Research reports port 80 open, this would not seem to be the case. And, you have verified that the Orbi has a public IP address on the WAN port (not a private IP address it would have gotten from an ISP device.)
- There is a typo in the port forwarding rule. (UDP instead of TCP. Wrong IP address for the Synology NAS. Forgetting to click "Apply")
- The NAS is not accepting connections from the internet.
Do you have some other device on the local network that acceepts connections over port 443? (a printer such as mine? some other web server?) See if port 443 will forward to that device.