NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

seachellemz's avatar
seachellemz
Aspirant
Nov 21, 2022

Orbi w/XFI and Port Forwarding

I have an Xfinity XFI Gateway front-ending an Orbi Mesh Network.  I have a web server that I am hosting on my network.  Right now I am unable to access my website from outside of my network.  Here is what I have done to configure it:

  • I have configured the XFi gateway for Bridge Mode. 
  • I have configured a Port Forward rule on the XFi gateway to forward all traffic to port 443 to the Orbi.
  • I have configured a Port Forward Rul on the Orbi to forward traffic for port 443 to the IP address on my local network hosting the website.  

So my assumption is that the request hits the xfi router, and get's forwarded to the Orbi device which then forwards it to the local device on my network hosting that website.  

 

Can anyone point out what might be wrong with this configuration and if so, what should I do differently?

Troubleshooting

6 Replies

Sort By
  • CrimpOn's avatar
    CrimpOn
    Guru
    Nov 21, 2022

    If the gateway is really in bridge mode, then port forwarding rules are not relevant. Could you try an experiment and use a different port number (as a test) 

    • CrimpOn's avatar
      CrimpOn
      Guru
      Nov 21, 2022

      Could you specify the exact model of Xfinity xFi gateway (there appear to be several).  I'd like to find the user manual and see how Xfinity describes Bridge Mode. 

       

      Your hunch is entirely correct that a typical "Double NAT" makes exposing servers to the internet very difficult.  There are several common solutions:

      • Place the ISP device into Bridge Mode.
        Leave the customer router in router mode.
        Create port forwarding rules on the customer router.
      • Leave the ISP device in router mode.
        Place the customer WiFi equipment in Access Point (AP) mode.
        Create port forwarding rules on the ISP router.
      • Leave the ISP device in router mode.
        Put the customer router in the ISP router DMZ.
        Create port forwarding rules on the customer router.
      • Leave the ISP device in router mode.
        Create port forwarding rules on the ISP router to forward to the IP address of the customer router.
        Create port forwarding rules on the customer router to forward to the local server.
        I have done this successfully, but it is cumbersome and tedious.  If "nothing else works".... maybe.
        (I just did it to verify that it is possible.  I actually forwarded ports through three routers.)

      I asked about trying a different port because 443 is sort of "special".  The Orbi router accepts connections on port 443 for the Orbi web browser interface.  I have successfully forwarded port 80 through my Orbi router, but do not currently have a web server that I can expose to the internet for a test.

      • CrimpOn's avatar
        CrimpOn
        Guru
        Nov 21, 2022
        CrimpOn wrote:

        I asked about trying a different port because 443 is sort of "special".

        Remembered that my security cameras have a web server that can be set to both  http (80) and https (443).  Forwarded port 443 through the router to the camera. Disconected phone from WiFi to use LTE and web browser connected to camera. (web interface unusable on the tiny phone screen, but it certainly connected.)

         

        Plus Shields Up! reported port 443 "open" which it does only if a device on the LAN actually responds to a connection request.
        https://www.grc.com/shieldsup 

         

        The xFi router does not appear to be in Bridge Mode.  Would either call Xfiinity to get help (and maybe very frustrated) or put the Orbi in the xFi router DMZ.

         

         

    • seachellemz's avatar
      seachellemz
      Aspirant
      Nov 21, 2022
      So are you suggesting I just don’t need to port forwarding rule on the Xfinity Gateway?
      I did try just eliminating the port forward rule on the Xfinity gateway, but that still did not work. .
  • Mikey94025's avatar
    Mikey94025
    Hero
    Nov 21, 2022

    I think there may be a restriction with forwarding port 443.  Try a different port forwarded to port 443 on your internal web server host.

     

    Try following the steps in the port forwarding community FAQ to confirm that you have bridge mode, etc. configured correctly and that the port is open to the outside world: https://community.netgear.com/t5/Orbi-WiFi-6-AX-and-WiFi-6E-AXE/Community-FAQ-My-Orbi-port-forwarding-doesn-t-work/td-p/1984296.  If your web server host is Windows, also check that the network is set to "private".

  • FURRYe38's avatar
    FURRYe38
    Guru
    Nov 21, 2022

    What Orbi model do you have? 

    What Firmware version is currently loaded?

    seachellemz wrote:

    I have an Xfinity XFI Gateway front-ending an Orbi Mesh Network.  I have a web server that I am hosting on my network.  Right now I am unable to access my website from outside of my network.  Here is what I have done to configure it:

    • I have configured the XFi gateway for Bridge Mode. 
    • I have configured a Port Forward rule on the XFi gateway to forward all traffic to port 443 to the Orbi.
    • I have configured a Port Forward Rul on the Orbi to forward traffic for port 443 to the IP address on my local network hosting the website.  

    So my assumption is that the request hits the xfi router, and get's forwarded to the Orbi device which then forwards it to the local device on my network hosting that website.  

     

    Can anyone point out what might be wrong with this configuration and if so, what should I do differently?