PaulMaxx
Aspirant
Apr 09, 2020

Setting RBR50 as DMZ with Xfinity

Hi All,

I wanted to give my network a try with using the RBR50 as my network router. To accomplish this I have connected my Xfinity router to the WAN port of the RBR50 and have set the RBR50 as a DMZ host in my Xfinity router. So the Xfinity router is assigning an IP address to the RBR50 which is what was used as the DMZ Host. This is not the same IP address as the subnet assigned to the RBR50 to manage the LAN.

Everything is running quite smoothly but I am not sure how protected my network is. In my Xfinity router I have the firewall set to Minimum Security which only lists IDENT (port 113) as being blocked. My limited understanding of setting the RBR50 as a DMZ host is that the RBR50 is not protected by this Xfinity firewall setting. I have read some information that contradicts this and states that the Xfinity router firewall still applies but those articles were admittedly a bit over my head.

I would think that the RBR50 has a firewall of its own to remedy my concern but I do not see anything in the web GUI showing that or what it may be currently blocking.

Does this mean that there is currently zero protection on my LAN and if I want any security, for example to block port 113 like the Xfinity router is set to, that I would have to create that manually in the RBR50 interface? If so, how do I know what other ports I should be blocking that the Xfinity router may be protecting me from?

I am using DMZ because I saw it recommended multiple times in posts here. I do have the option of putting the Xfinity router in Bridge mode but would assume that would definitely disable the Xfinity firewall and I would have the same questions. I also figured using the DMZ set up would have the Xfinity router continue to manage the MoCA network and I would not have to worry about any issues with my DVR setup.

Thanks in advance for any help that can be offered on this question. Let me know if there is any additional info I can provide on this topic.

5 Replies

  • FURRYe38
    Guru - Experienced User

    All Orbi routers have built-in firewalls.

    Modem/Router Combos:

    This would be a double NAT condition which isn't recommended.
    https://kb.netgear.com/30186/What-is-Double-NAT
    https://kb.netgear.com/30187/How-to-fix-issues-with-Double-NAT

    Couple of options:
    1. Configure the modem for transparent bridge or modem only mode. Then use the Orbi router in router mode. You'll need to contact the ISP for help and information in regards to the modem being bridged correctly.
    2. If you can't bridge the modem, disable ALL wifi radios on the modem, configure the modem's DMZ/ExposedHost or IP Pass-Through for the IP address the Orbi router gets from the modem. Then you can use the Orbi router in Router mode.
    3. Or disable all wifi radios on the modem and connect the Orbi router to the modem, configure AP mode on the Orbi router. https://kb.netgear.com/31218/How-do-I-configure-my-Orbi-router-to-act-as-an-access-point and https://www.youtube.com/watch?v=H7LOcJ8GdDo&app=desktop

    Option #2 can be used if you want to use the Orbi in router mode.



    • PaulMaxx
      Aspirant

      Hi FURRYe38,

      Thank you for your reply. Option 2 is what I am currently using and I believe I saw the exact same options in a previous post of yours that gave me the idea.

      This still however leaves the questions regarding the firewall functionality of the Orbi unanswered as well as what role the router firewall may or may not be playing.

      How can I see that the Orbi firewall is active and what it is currently set to protect?


      • FURRYe38
        Guru - Experienced User

        The firewall is automatic and always running on Orbi systems when in router mode. In AP mode it gets disabled.

        You can look at the router logs and be sure you have "Known DoS attacks and Port Scans" enabled. If you see any DoS entries in the log, which most do, you'll know it's working. It always is.
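For the double NAT and cascaded-router setup discussed in this thread, here is an added example (not from any poster and not NETGEAR code) that reads the address the Orbi received on its WAN port and reports whether an upstream gateway is still doing NAT and whether the WAN and LAN subnets collide. The function names and all addresses are constructed for illustration; take the real values from the router's status page.

```python
import ipaddress

# Private (RFC 1918) blocks: a WAN address in one of these means the
# upstream gateway is still routing and translating in front of the router.
RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# RFC 6598 shared address space used for carrier-grade NAT.
CGNAT = ipaddress.IPv4Network("100.64.0.0/10")


def classify_wan(wan_ip):
    """Return 'double-nat', 'cgnat' or 'public' for the router's WAN address."""
    ip = ipaddress.IPv4Address(wan_ip)
    if any(ip in net for net in RFC1918):
        return "double-nat"  # upstream gateway hands out private addresses
    if ip in CGNAT:
        return "cgnat"       # NAT happens at the ISP, outside the home
    return "public"          # gateway is bridged or passes the public IP through


def audit_cascade(wan_cidr, lan_cidr):
    """Audit a gateway -> router cascade.

    wan_cidr: address/prefix the router received on its WAN port
    lan_cidr: subnet the router serves on its LAN side
    Returns a list of findings, WAN classification first.
    """
    wan_if = ipaddress.IPv4Interface(wan_cidr)
    lan = ipaddress.IPv4Network(lan_cidr, strict=False)
    findings = [classify_wan(str(wan_if.ip))]
    # Both sides of the router must be distinct subnets, otherwise it
    # cannot tell which interface a destination address lives on.
    if wan_if.network.overlaps(lan):
        findings.append("subnet-overlap")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for wan, lan in [("10.0.0.25/24", "192.168.1.0/24"),
                     ("192.168.1.5/24", "192.168.1.0/24"),
                     ("203.0.113.7/24", "192.168.1.0/24")]:
        print(wan, lan, audit_cascade(wan, lan))
```

A "double-nat" result means the gateway still translates traffic before it reaches the router; a "public" result is what bridge mode or IP pass-through produces.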