NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

jc1742's avatar
jc1742
Aspirant
Dec 05, 2022

Orbi port forwarding still fails

Well, I've done a bunch more testing  and experimenting (and trying to decode how this community's forums work 😉  What I've learned so far is:   My server is visible and responds to connections fr...
CrimpOn's avatar
CrimpOn
Guru - Experienced User
Dec 05, 2022
jc1742 wrote:

I also have a part of my web site installed on a machine at mit.edu, where I have an account, and when I use its name or address in the URL, I get a reply (and the logs on that machine show details of the contact

Universities that were early participants in the Internet often got allocated large numbers of IP addresses. (The university I worked at was allocated a Class B address space, i.e. 16,384 unique IP addresses.)  If MIT is even remotely similar, then every computer at MIT might have a unique IP address which can be reached from the Internet.

 

This is dramatically different from the typical residential customer, who is allocated only one public IP address, and the router uses Network Address Translation (NAT) so that all the individual devices 'behind' the router can access the internet while pretending to come from that single public IP.

 

Port forwarding in this situation works only when the router has a true "public" IP address, and is not hidden behind another router.  As Mikey94025 pointed out, this looks more and more like the Orbi router is 'behind' another router and thus port forwarding on the Orbi cannot function because the first router is not allowing connections to reach the Orbi.

 

  • jc1742's avatar
    jc1742
    Aspirant
    Dec 06, 2022

    Yesterday I called our ISP (RCN), and among other things, asked whether the modem they installed in our house was a router, and both the people I talked to said it wasn't.  Also, you'd expect our old  wifi gadget (Apple's Airport Extreme) would have similar problems, and it did port forwarding (and/or connection forwarding) without any problems.  One thing we did with it was to hook it up to a Netgear 5-port switch, and we had several computers linked there; the Airport handled both incoming and outgoing connections to several remote sites, including multiple ssh links simultaneously.  (But it's getting a bit old and feeble, which is why we got the Orbi. 😉

     

    I did also spend a day switching back to the Airport.  It still works and passes incoming connections to the gadgets on our local ethernet without problems.  Then I switched back to the Orbi, and tried to set it up the same, but it doesn't seem to do incoming connections.

     

    I wonder what else I might do to try to pin down the source of the problem.  I also see a lot of others here that are having similar problems.  But  I'm still trying to learn how the Netgear Community thing works. 😉  So I haven't had much success finding informative answers to the  others' questions, so far. Also, earlier today I lost a couple of hours dealing with orbilogin,com and the orbi app, both of which were rejecting all my passwords, and suggesting I read a doc on how to do a factory reset. I  did one a few days ago, actually, so I ignored it, and then suddenly all the poaswords worked again. Hmmm ...

     

    And MIT does have the entire 18.* chunk of addresses.  So far, that's been enough for unique addresses for each gadget, though they don't always do it that way.  MIT is an education and research org, of course, so their people want to experiment with and learn about everything going on elsewhere.  There are lots of labs set up with their own subnet and only one or a few addresses, for the purpose of learning to deal with such things out in the Real World where they might eventually be working. They also encourage buying new things with new software, so their people can report all the problems they find. As a result, it can be a messy place to be trying to do things. 😉

    • CrimpOn's avatar
      CrimpOn
      Guru - Experienced User
      Dec 06, 2022

      Not that RCN technical support could ever be misinformed, what is the specific model of modem that was supplied (perhaps from the product label)?

       

      An easy (and quick) test is to look at the IP address reported on the Orbi web browser interface, Advanced Tab, in the box labeled "Internet"

      When this IP is obviously not a "Private IP Address", then there is not a router between the Orbi and the Internet.

      https://en.wikipedia.org/wiki/Private_network 

       

      I'm trying to reconcile this with the previous discussion regarding security warnings from web browsers:

      https://community.netgear.com/t5/Orbi-WiFi-6-AX-and-WiFi-6E-AXE/Orbi-RBR750-port-forwarding-rejects-connections-for-quot/m-p/2276938 

       

      In that discussion, my understanding was that web browsers were able to connect to this web server, but complained about it being http.  In other words, Port Forwarding got the connection to the right place, but the web server was not happy.

       

      Is this the same scenario?

       

       

      • jc1742's avatar
        jc1742
        Aspirant
        Dec 06, 2022

        Hey, how could you doubt the total knowledge and honesty of RCN's tech support? ;I

         

        Anyway, that box was labelled a bit differently, in my window it's the ADVANCED tab, in the INTERNET PORT box.  (There was some confusion here a few days ago, with things labelled ADVANCED and Advanced, with or without a second word, and some of them were labelled differently on various people's screens.)  

         

        But the IP Address field I see has the value 207.172.223.184, which is our home's IP address. I'm guessing that it's what you might call a "Public Address", in contrast with the Orbi's addresses in the 192-192.168.*.* range.  There's varied terminology there, too, with 207.172.223.184 being called a "routable" address in some docs, and 192.168.1.1 called "unroutable".  There are growing communication problems with Internet terminology growing more variable in the commercial world, so we folks who've been doing Internet programming for a few decades can sometimes have problems decoding a lot of the current "new, improved" terminology. 😉  (But I might agree that some of it might be better terminology.)

         

        In any case, I've heard complaints about servers using http rather than https, but so far only from humans. I haven't seen any diagnostics that mention it. I just shrug, as I see value in both of them. I've experimented a lot with changing the setting in the Orbi apps, and I saw both ports 80 and 443 mentioned in some of them  But so far I haven't seen any complaints with my Port Forwarding settings.  They're accepted by the Orbi apps without complaints.  But they simply fail without any visible error messages when I use my cell phone (or mit.edu account) to try to ge my site's content.

         

        So is there a way to make the computers involved (especially any router along the path) give me running commentary on what's happening? As far as I can tell, they're all rather silent, perhaps not wanting to admit to their failures.

         

        BTW, one of the RCN guys I talked to did some querying of our house, and was able to get identifying info from their modem and the Orbi router, but no further.  This sorta implies that it's the Orbi that's the dead end.  I'm wondering if what's needed is to turn off some of the "safety" features, if what's happening is that http is being (silently) blocked because someone thinks it's not "safe".  I'm not worried about people intercepting my content, since it's there so that anyone can read it.