ijoffe
Aspirant
Jul 05, 2024
Solved

How to allow socket connections -- Nighthawk RAXE300

Hello,

I am building a socket-based application to connect a controller device to a mobile robot. The robot acts as the server and will remain connected to this WiFi network, and I want the controller to be able to connect as a client from anywhere.

I have code that works perfectly when both devices are connected to this WiFi network. However, it fails when the controller moves to another network.

I figured this made sense because the robot is assigned a temporary IPv4 address by the router. So, I assigned a static IP address to the robot (https://kb.netgear.com/25722/How-do-I-reserve-an-IP-address-on-my-NETGEAR-router?cid=wmt_netgear_organic) and set up a port forwarding rule for this IP address (https://kb.netgear.com/24289/How-do-I-set-up-port-forwarding-to-a-local-server-on-my-NETGEAR-router).

However, I am still unable to connect. It still works when both devices are on this WiFi network, but still doesn't work when I change the controller's network. In both cases, I make the socket connect with the router's IP address at this port number. I have tried both the router's IP address according to whatismyip.com, and according to the administration website.

Does anything seem to be wrong with my setup? Is there something else going on with the firewall that blocks the connection? How do I find the router's publicly accessible IP address?

Thank you!

Isaac

  • Hard to tell, but it looks like your RAXE300 is behind another router or gateway device, thus creating a double NAT. If that is the case, then most remote access functions will have issues.

    Ideally, it would be better to simply use a VPN to connect to the LAN then access devices on your network rather than forwarding ports and exposing them directly to the WAN, which increases your attack surface, and depending on how well the device is kept up to date (consider how many NAS devices there are where the company stopped releasing updates, and ransomware makers targeted unpatched vulnerabilities and attacked every vulnerable NAS exposed to the WAN).
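
One way to check the double-NAT hypothesis above, as an added example that is not part of the original thread: compare the WAN address shown on the router's administration page with the address an external what-is-my-IP service reports. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Address ranges that cannot be the target of a connection from the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
UNUSABLE = [ipaddress.ip_network(n) for n in
            ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16")]


def classify_wan(addr: str) -> str:
    """Classify the IPv4 address the router reports on its WAN interface."""
    ip = ipaddress.IPv4Address(addr)
    if any(ip in net for net in UNUSABLE):
        return "unusable"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip in CGNAT:
        return "cgnat"
    return "public"


def diagnose(router_wan: str, observed_public: str) -> tuple:
    """Return (verdict, explanation) for a port forward that fails from outside."""
    kind = classify_wan(router_wan)
    if kind == "unusable":
        return ("no-wan", "Router has no usable WAN lease; fix upstream connectivity first.")
    if kind == "rfc1918":
        return ("double-nat", "WAN address is private: an upstream gateway also does NAT, "
                "so a forward on this router alone is unreachable from outside.")
    if kind == "cgnat":
        return ("cgnat", "WAN address is in carrier-grade NAT space: inbound forwards "
                "depend on the ISP; a VPN or outbound tunnel avoids the problem.")
    if ipaddress.IPv4Address(router_wan) == ipaddress.IPv4Address(observed_public):
        return ("direct", "Router holds the public address; check the forward rule, "
                "the server's listen address and its host firewall.")
    return ("mismatch", "Router WAN is public but differs from the observed address; "
            "the lookup may have gone through a proxy, VPN or another uplink.")


if __name__ == "__main__":
    # Constructed sample values (documentation and private ranges), not from the thread.
    for wan, seen in [("192.168.0.12", "203.0.113.10"),
                      ("100.72.3.4", "203.0.113.10"),
                      ("203.0.113.10", "203.0.113.10")]:
        verdict, why = diagnose(wan, seen)
        print(f"WAN {wan:<15} seen-as {seen:<15} -> {verdict}: {why}")
```

Run the what-is-my-IP lookup from a device on the robot's own network, not from the remote controller, so both values describe the same uplink.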

4 Replies


    • ijoffe
      Aspirant

      Thanks, you are definitely right there. Is there any particular VPN setup you recommend? Would something like OpenVPN work to connect the devices via sockets?

      • Razor512
        Prodigy

        For VPN, the router has a built-in OpenVPN server, thus setting that up would allow you to have client devices connect and access those resources from the LAN side. While it is not quite as convenient as a WAN facing resource, it is more secure.

        If you need to give access to a service to a large number of users or users who you do not want to have LAN access, then you will be stuck with port forwards and exposing the server directly to the WAN, thus a stronger focus on keeping up with updates and any relevant CVEs to determine if any additional security steps are needed.