NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Orbi port forwarding still fails
Well, I've done a bunch more testing and experimenting (and trying to decode how this community's forums work 😉 What I've learned so far is: My server is visible and responds to connections fr...
Yesterday I called our ISP (RCN), and among other things, asked whether the modem they installed in our house was a router, and both the people I talked to said it wasn't. Also, you'd expect our old wifi gadget (Apple's Airport Extreme) would have similar problems, and it did port forwarding (and/or connection forwarding) without any problems. One thing we did with it was to hook it up to a Netgear 5-port switch, and we had several computers linked there; the Airport handled both incoming and outgoing connections to several remote sites, including multiple ssh links simultaneously. (But it's getting a bit old and feeble, which is why we got the Orbi. 😉
I did also spend a day switching back to the Airport. It still works and passes incoming connections to the gadgets on our local ethernet without problems. Then I switched back to the Orbi, and tried to set it up the same, but it doesn't seem to do incoming connections.
I wonder what else I might do to try to pin down the source of the problem. I also see a lot of others here that are having similar problems. But I'm still trying to learn how the Netgear Community thing works. 😉 So I haven't had much success finding informative answers to the others' questions, so far. Also, earlier today I lost a couple of hours dealing with orbilogin,com and the orbi app, both of which were rejecting all my passwords, and suggesting I read a doc on how to do a factory reset. I did one a few days ago, actually, so I ignored it, and then suddenly all the poaswords worked again. Hmmm ...
And MIT does have the entire 18.* chunk of addresses. So far, that's been enough for unique addresses for each gadget, though they don't always do it that way. MIT is an education and research org, of course, so their people want to experiment with and learn about everything going on elsewhere. There are lots of labs set up with their own subnet and only one or a few addresses, for the purpose of learning to deal with such things out in the Real World where they might eventually be working. They also encourage buying new things with new software, so their people can report all the problems they find. As a result, it can be a messy place to be trying to do things. 😉
Not that RCN technical support could ever be misinformed, what is the specific model of modem that was supplied (perhaps from the product label)?
An easy (and quick) test is to look at the IP address reported on the Orbi web browser interface, Advanced Tab, in the box labeled "Internet"
When this IP is obviously not a "Private IP Address", then there is not a router between the Orbi and the Internet.
https://en.wikipedia.org/wiki/Private_network
I'm trying to reconcile this with the previous discussion regarding security warnings from web browsers:
In that discussion, my understanding was that web browsers were able to connect to this web server, but complained about it being http. In other words, Port Forwarding got the connection to the right place, but the web server was not happy.
Is this the same scenario?
Hey, how could you doubt the total knowledge and honesty of RCN's tech support? ;I
Anyway, that box was labelled a bit differently, in my window it's the ADVANCED tab, in the INTERNET PORT box. (There was some confusion here a few days ago, with things labelled ADVANCED and Advanced, with or without a second word, and some of them were labelled differently on various people's screens.)
But the IP Address field I see has the value 207.172.223.184, which is our home's IP address. I'm guessing that it's what you might call a "Public Address", in contrast with the Orbi's addresses in the 192-192.168.*.* range. There's varied terminology there, too, with 207.172.223.184 being called a "routable" address in some docs, and 192.168.1.1 called "unroutable". There are growing communication problems with Internet terminology growing more variable in the commercial world, so we folks who've been doing Internet programming for a few decades can sometimes have problems decoding a lot of the current "new, improved" terminology. 😉 (But I might agree that some of it might be better terminology.)
In any case, I've heard complaints about servers using http rather than https, but so far only from humans. I haven't seen any diagnostics that mention it. I just shrug, as I see value in both of them. I've experimented a lot with changing the setting in the Orbi apps, and I saw both ports 80 and 443 mentioned in some of them But so far I haven't seen any complaints with my Port Forwarding settings. They're accepted by the Orbi apps without complaints. But they simply fail without any visible error messages when I use my cell phone (or mit.edu account) to try to ge my site's content.
So is there a way to make the computers involved (especially any router along the path) give me running commentary on what's happening? As far as I can tell, they're all rather silent, perhaps not wanting to admit to their failures.
BTW, one of the RCN guys I talked to did some querying of our house, and was able to get identifying info from their modem and the Orbi router, but no further. This sorta implies that it's the Orbi that's the dead end. I'm wondering if what's needed is to turn off some of the "safety" features, if what's happening is that http is being (silently) blocked because someone thinks it's not "safe". I'm not worried about people intercepting my content, since it's there so that anyone can read it.
jc1742 wrote:
So is there a way to make the computers involved (especially any router along the path) give me running commentary on what's happening? As far as I can tell, they're all rather silent, perhaps not wanting to admit to their failures.
Thanks for verifying that the Orbi is connected to the internet with a public IP address. (Not entirely sorry to have impugned the RCN tech support staff, considering the quality of responses I have seen from other vendors.)
Yes. When a port is forwarded through the Orbi router to a host on the LAN, the Orbi log will have an entry for each internet address that connects. Just now, I forwarded port 80 to a Pi-Hole server on the LAN at 192.168.1.30.
Disconnected my smartphone from WiFi to use LTE and opened a web browser to http://<public ip of router>
This entry appeared in the Orbi log:
[LAN access from remote] from 45.95.147.49:54336 to 192.168.1.30:80, Tuesday, December 06, 2022 22:49:54
I should point out that prior to this, I had entered only my public IP into the Chrome browser on my smartphone (no "http") and it timed out. Chrome is so helpful. When the user does not specifically enter the "http", Chrome assumes that "https" is intended and uses that. I had not forwarded port 443 through the Orbi, so that connection attempt timed out.
jc1742