dbrb2 (Apprentice)
Jan 10, 2022
RBR750 port forwarding rule
I have set up my Orbi RBR750 and, although the app seemed quite buggy, after a few iterations it worked as desired.
However, I am struggling to find a way to set up port forwarding that specifies both the source and the destination IP - for instance:
I can set up a rule that says:
Forward incoming connections on port 1234 to internal IP 5.6.7.8 port 5678
But I don't seem to be able to be more restrictive, and say:
Forward incoming connections on port 1234 from IP 1.2.3.4 ONLY to internal IP 5.6.7.8 port 5678
This seems a very basic feature for a router....am I looking in the wrong place?
Cheers!
14 Replies
- dbrb2 (Apprentice)
Thanks - yes, I found that.
That allows for inbound rules, but does not seem to allow for more specific rules - allowing that forward ONLY for a given remote external IP
It might be that this simply isn't a feature provided by the Orbi, though it seems a bit odd if that is the case, given it is a fairly common requirement.
The unit also does not seem to manage local DNS...? So if I have a device with hostname "thing" and I try to ping it, the Orbi will not resolve that. Instead I would have to rely on mDNS
I can work around both of these issues by using the Orbi in AP mode and using OpenWrt to do my routing, but again local DNS resolving seems a very basic feature, so I wonder whether perhaps I have just missed the setting....
dbrb2 wrote:
But I don't seem to be able to be more restrictive, and say:
Forward incoming connections on port 1234 from IP 1.2.3.4 ONLY to internal IP 5.6.7.8 port 5678
This seems a very basic feature for a router....am I looking in the wrong place?
I don't think a consumer-grade product like Orbi (not a firewall) offers this type of protection. More discussion: https://community.netgear.com/t5/Orbi/Whitelist-external-IP-Range-for-Port-Forwarding-ORBI-RBR50/td-p/1675733 and https://community.netgear.com/t5/Hardware-VPN-Firewalls-and/Limit-port-forwarding-to-whitelisted-IP-Addresses/td-p/1826036
- dbrb2 (Apprentice)
Thanks. Oh well :-)
I guess I'll have to stick with the current setup of the Orbi as an AP and OpenWrt as a router/firewall. It seems a pity, but so long as the mesh works well it's not a major problem.
dbrb2 wrote:
Thanks. Oh well :-)
I guess I'll have to stick with the current setup of the Orbi as an AP and OpenWrt as a router/firewall. It seems a pity, but so long as the mesh works well it's not a major problem.
I was busy typing when this message came through. Fine solution.
dbrb2 wrote:
But I don't seem to be able to be more restrictive, and say:
Forward incoming connections on port 1234 from IP 1.2.3.4 ONLY to internal IP 5.6.7.8 port 5678
This seems a very basic feature for a router....am I looking in the wrong place?
You are not finding it because Orbi does not provide the ability to restrict port forwarding by external IP address. I can see the appeal. (If a port is forwarded to an internal server, then the 'entire world' will soon discover the open port and begin attempting to access the internal server.)
There seem to be two alternatives:
Device Firewall. The Windows Firewall, for example, allows incoming rules to be limited by external IP address. Since the Windows Firewall will block connection attempts, then the port will not appear to be 'open'. (The Orbi router never responds to connection attempts on forwarded ports. The connection request gets passed to the internal LAN. If the internal server does not respond, then the connection attempt just 'disappears'.)
OpenVPN. If connections need to be restricted to a single IP address, that implies (to me) that there is some organizational relationship between exactly two computer networks which are not constantly changing. Enabling the OpenVPN host on the Orbi allows a remote computer which has the required SSL certificates to connect to the local LAN - and thus to the internal server. For example, if an FTP server is set up on the LAN, no one will ever see Port 21 open except someone who has opened a VPN connection to the Orbi.
There is an "Idea Exchange" where customers suggest new features. The request could be posted there. (I have very low expectations that anything would come soon - if ever.)
https://community.netgear.com/t5/Idea-Exchange-For-Home/idb-p/idea-exchange-for-home
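The "Device Firewall" alternative from the reply above, as an added example that is not part of the original thread: a PowerShell sketch for the internal Windows server that scopes the forwarded port to one remote address and flags broader rules that would undo the restriction. Port 5678 and address 1.2.3.4 are the placeholders from the question, the rule name is made up here, and it assumes the Orbi forwards connections with the original source address intact.

```powershell
# Added example: run in an elevated PowerShell session on the internal server.
$Port      = 5678                       # internal port the Orbi forwards to
$AllowedIp = '1.2.3.4'                  # only external address allowed in
$RuleName  = 'Forwarded service - single remote peer'   # hypothetical name

# True when a rule's LocalPort value (single port, range or 'Any') covers $Port.
function Test-PortCovered($LocalPort, [int]$Port) {
    foreach ($p in @($LocalPort)) {
        if ($p -eq 'Any' -or $p -eq "$Port") { return $true }
        if ($p -match '^(\d+)-(\d+)$' -and
            $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

# 1. Windows Firewall admits a connection if ANY enabled allow rule matches,
#    so look for other inbound allow rules on this port open to every address.
$broad = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { $_.DisplayName -ne $RuleName } |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $af = $_ | Get-NetFirewallAddressFilter
        if ($pf.Protocol -in 'TCP', 'Any' -and
            (Test-PortCovered $pf.LocalPort $Port) -and
            $af.RemoteAddress -contains 'Any') { $_ }
    }
if ($broad) {
    Write-Warning "Rules below also allow TCP/$Port from any address; narrow or disable them:"
    $broad | Select-Object DisplayName, Profile | Format-Table -AutoSize
}

# 2. Create the scoped allow rule once.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $Port -RemoteAddress $AllowedIp -Profile Any | Out-Null
}

# 3. Confirm the scope, and that unmatched inbound traffic is not allowed by default.
Get-NetFirewallRule -DisplayName $RuleName | Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
```

The check in step 1 does not account for rules limited to a specific program, so review any rule it lists before changing it.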