Sualdam (Aspirant)
Apr 10, 2023
RAX200 - Restricting Port Access to external IP Range
Apologies for a long preamble on this.
Problem: I have a streaming camera which works. I can see it on my home network all the time. I use a streaming service based in the USA, and I can embed the stream in various websites using the RTSP address.
The streaming service requires ports 80 and 554 to be open. I have two rules which do that on the RAX200. And I emphasise, everything works.
However, for the last two years, I have been pulling my hair out over an issue where the ports suddenly close - between 2-10 times a day. Until recently, and after trying everything I could think of, I had concluded the only way to re-open them was to reboot the router. That always opened them, but it is not a good solution.
After speaking with my streaming host, they asked if the ports ever re-opened by themselves. I had never looked into that, but over the last three days I have discovered that they do re-open - anywhere from 30-60 minutes after they close. This is obviously a major issue, as my stream is down for up to five hours a day. So I looked into it further.
I found that when the ports were apparently closed (using an online port scanner), netstat informed me that they were actually still 'listening' - which I believe means they are open.
I had been suspicious of Netgear Armor in this, and that was now the prime suspect. When I disabled it in the middle of that down period, the ports immediately appeared open and have not closed down since. So right now, Armor is almost certainly the problem.
My streaming host has suggested I lock down the ports and restrict access to only their IP range, which may stop Armor being triggered to do what it is doing.
Question: How the heck do you restrict external access to a port to a range of IP addresses on the RAX200?
There are no firewall settings, which is where you'd do it on cheaper/older routers.
I'd appreciate any suggestions.
Thanks
13 Replies
What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Provider's modem/ONT the NG router is connected to?
Be sure you're using a good quality LAN cable between the modem and router. CAT6 is recommended.
Is UPnP disabled while you have PF configurations enabled?
Has a factory reset and setup from scratch been performed since last FW update? A complete pull of the power adapters for a period of time after the factory reset then walk thru the setup wizard and setup from scratch with a wired PC and web browser. Recommend setting the default DHCP IP address pool range to the following after applying and a factory reset: 192.168.#.100 to 192.168.#.200.
https://kb.netgear.com/24089/How-do-I-specify-the-pool-of-IP-addresses-assigned-by-my-Nighthawk-router-
Sualdam (Aspirant)
I have the latest firmware - V1.0.10.140_1.0.79.
The Modem is a Virgin Media Superhub 4 (set to modem mode). It isn't a problem with that.
There are no cabling issues. Everything works, and there are no hardware issues. The camera is permanently visible on my home network. The problem is purely to do with ports 'closing'. As in ports open, camera streams, but ports closed, camera doesn't.
The only issue is those ports repeatedly - between 2-10 times a day - appearing closed from the outside, whilst appearing open from inside. They close and re-open themselves (from the outside) when Armor is enabled, but remain open continuously when Armor is disabled. They opened immediately during a closed period as soon as I disabled Armor. So it has to be concluded that Armor is making them appear closed (even when they are not, according to netstat).
I have been advised to restrict the port access (for port 554) to a specific IP range given me by my streaming host while Armor is disabled - and to see if doing that prevents Armor doing whatever it is doing when a port is scanned maliciously, or to at least afford some protection.
So my question is: how do I restrict access to a port to that range of incoming IP addresses (on the RAX200)?
Seems like an issue with Armor if the ports work properly with Armor disabled.
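An added example, not part of the thread and not NETGEAR tooling: a small Python logger that, run from a host outside the home network, records when a forwarded port stops accepting TCP connections, so the closed periods can be lined up against the times Armor was enabled or disabled. The host argument, function names and sample observations are assumptions made for illustration.

```python
import socket
import sys
import time
from datetime import datetime, timedelta

def port_open(host, port, timeout=3.0):
    """One TCP connect attempt; True only if the handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False

def collect(host, port, interval_s, count):
    """Probe `count` times, `interval_s` apart; returns [(timestamp, is_open)]."""
    samples = []
    for i in range(count):
        samples.append((datetime.now(), port_open(host, port)))
        if i < count - 1:
            time.sleep(interval_s)
    return samples

def closed_windows(samples):
    """Group time-ordered samples into (first_closed, first_open_again) pairs.
    A window still closed at the last sample gets None as its end."""
    windows, start = [], None
    for ts, is_open in samples:
        if not is_open and start is None:
            start = ts
        elif is_open and start is not None:
            windows.append((start, ts))
            start = None
    if start is not None:
        windows.append((start, None))
    return windows

def total_downtime(windows):
    """Sum the length of every window that has a known end."""
    return sum((e - s for s, e in windows if e is not None), timedelta())

def constructed_samples():
    """Constructed observations at 15-minute spacing, not real measurements."""
    t0 = datetime(2023, 4, 10, 9, 0)
    states = [True, True, False, False, False, True, True, False, True]
    return [(t0 + timedelta(minutes=15 * i), s) for i, s in enumerate(states)]

if __name__ == "__main__":
    # Usage (assumed): script.py <public-host> <port>; no arguments uses the sample.
    live = len(sys.argv) == 3
    data = collect(sys.argv[1], int(sys.argv[2]), 60, 120) if live else constructed_samples()
    for start, end in closed_windows(data):
        print("closed from", start, "until", end or "still closed")
    print("total downtime:", total_downtime(closed_windows(data)))
```

Running one instance per forwarded port (80 and 554 in this thread) gives a timestamped record to compare with and without Armor enabled.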