NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Orbi port forwarding still fails
Well, I've done a bunch more testing and experimenting (and trying to decode how this community's forums work 😉 What I've learned so far is:
My server is visible and responds to connections from inside the Orbi's domain. If I enter the URl, with either the hostname or the IPaddr, from browsers on machines connected to the Orbi router, I get an instant reply. Insite the server, the cgi scripts help by writing debug info to a log file, which I can see on the server's screen (or an ssh'd window on other local machines). So the server itself is working fine and replying as I expect to queries that reach it.
I have a nice test of outside connections, in the form of my cell phone. I go to its settings and tell it to not talk to local wifi, but to send all requests via its connection to the phone company, who then routes the requests back to our address. When I try it with a URL pointing to our address (IPaddr or hostname), my server's logs show nothing; no contact from anyone. I also have a part of my web site installed on a machine at mit.edu, where I have an account, and when I use its name or address in the URL, I get a reply (and the logs on that machine show details of the contact.
So. Everything works fine if I point the phone's browser at my site at MIT. Everything works fine if I use my local wifi to send the same URL (except for hostname/addr). But nobody outside our local Orbi wifi subnet can send a message addressed to our house's hostname or IPaddr. No error messages appear anywhere I can find, and the culprit who drops it has to be along the path between our ISP and the Orbi router.
(I did even tested cutting out the Orbi, plugging my server directly into the ISP's modem. That worked fine, too, but it kill our local machines' path to the outside world. 😉
So what's the best approach to finding out what I've failed to set up correctly? I have no idea, other than wandering around at random in places that google tells me about. (The Netgear forums look appealing, but so far I find most of its user interface a mystery. I can't even find my own earlier questions, exept by wandering around at random until if stumble on them, typically in the couple of replies I've got so far.)
I'd be happy to contribute what I can to a FAQ.
7 Replies
What are your results for the canyouseeme.org step #1 of the community faq?
Also, do you have Double NAT (step #2)? I don't see why that would cause your problems but it's still good to know. If you do have it, then removing it is an easy test to see if it resolves your port forwarding issue. For example, change your Orbit to Access Point mode (AP).
Mikey94025 wrote:What are your results for the canyouseeme.org step #1 of the community faq?https://community.netgear.com/t5/Orbi-WiFi-6-AX-and-WiFi-6E-AXE/Community-FAQ-My-Orbi-speeds-are-slow-inconsistent-and-don-t-my/m-p/1984305/highlight/true#M7944
Also, do you have Double NAT (step #2)? I don't see why that would cause your problems but it's still good to know. If you do have it, then removing it is an easy test to see if it resolves your port forwarding issue. For example, change your Orbit to Access Point mode (AP).
Follow these steps and report the results here. It will confirm without a doubt whether you have Double NAT and then we can advise on how to proceed.
Your old router may have had port forwarding rules or such that make it work whereas your Orbi does not. Routers are not interchangeable because they have stateful config.
jc1742 wrote:
I also have a part of my web site installed on a machine at mit.edu, where I have an account, and when I use its name or address in the URL, I get a reply (and the logs on that machine show details of the contact
Universities that were early participants in the Internet often got allocated large numbers of IP addresses. (The university I worked at was allocated a Class B address space, i.e. 16,384 unique IP addresses.) If MIT is even remotely similar, then every computer at MIT might have a unique IP address which can be reached from the Internet.
This is dramatically different from the typical residential customer, who is allocated only one public IP address, and the router uses Network Address Translation (NAT) so that all the individual devices 'behind' the router can access the internet while pretending to come from that single public IP.
Port forwarding in this situation works only when the router has a true "public" IP address, and is not hidden behind another router. As Mikey94025 pointed out, this looks more and more like the Orbi router is 'behind' another router and thus port forwarding on the Orbi cannot function because the first router is not allowing connections to reach the Orbi.
Yesterday I called our ISP (RCN), and among other things, asked whether the modem they installed in our house was a router, and both the people I talked to said it wasn't. Also, you'd expect our old wifi gadget (Apple's Airport Extreme) would have similar problems, and it did port forwarding (and/or connection forwarding) without any problems. One thing we did with it was to hook it up to a Netgear 5-port switch, and we had several computers linked there; the Airport handled both incoming and outgoing connections to several remote sites, including multiple ssh links simultaneously. (But it's getting a bit old and feeble, which is why we got the Orbi. 😉
I did also spend a day switching back to the Airport. It still works and passes incoming connections to the gadgets on our local ethernet without problems. Then I switched back to the Orbi, and tried to set it up the same, but it doesn't seem to do incoming connections.
I wonder what else I might do to try to pin down the source of the problem. I also see a lot of others here that are having similar problems. But I'm still trying to learn how the Netgear Community thing works. 😉 So I haven't had much success finding informative answers to the others' questions, so far. Also, earlier today I lost a couple of hours dealing with orbilogin,com and the orbi app, both of which were rejecting all my passwords, and suggesting I read a doc on how to do a factory reset. I did one a few days ago, actually, so I ignored it, and then suddenly all the poaswords worked again. Hmmm ...
And MIT does have the entire 18.* chunk of addresses. So far, that's been enough for unique addresses for each gadget, though they don't always do it that way. MIT is an education and research org, of course, so their people want to experiment with and learn about everything going on elsewhere. There are lots of labs set up with their own subnet and only one or a few addresses, for the purpose of learning to deal with such things out in the Real World where they might eventually be working. They also encourage buying new things with new software, so their people can report all the problems they find. As a result, it can be a messy place to be trying to do things. 😉
Not that RCN technical support could ever be misinformed, what is the specific model of modem that was supplied (perhaps from the product label)?
An easy (and quick) test is to look at the IP address reported on the Orbi web browser interface, Advanced Tab, in the box labeled "Internet"
When this IP is obviously not a "Private IP Address", then there is not a router between the Orbi and the Internet.
https://en.wikipedia.org/wiki/Private_network
I'm trying to reconcile this with the previous discussion regarding security warnings from web browsers:
In that discussion, my understanding was that web browsers were able to connect to this web server, but complained about it being http. In other words, Port Forwarding got the connection to the right place, but the web server was not happy.
Is this the same scenario?
