
masquerade
Aspirant

Blocking inbound traffic to Port Forwarded Service

Orbi Pro SRR60 (for some reason I can add that in as the model in the discussion)

 

So I'm running a service on a VM and I have a Port Forwarding rule set up to direct inbound traffic to that service. And every so often some people can no longer connect to it while others can. There seems to be nothing that I can see in the 'logs' that indicates the issue or even that some traffic is being blocked or dropped. The only way to fix it seems to be to reboot the router.

Has anyone else seen this? What could be the cause?

Message 1 of 6
CrimpOn
Guru

Re: Blocking inbound traffic to Port Forwarded Service

On the original Orbi (not any of the 'Pro' devices), the Orbi log has an option to log every instance of port forwarding/port triggering.

 

Once a port is forwarded to a device on the LAN, that device is what accepts or denies connections. There could be a restriction in the firewall rules which blocks some IPs and accepts others?

 

Are these failures intermittent? i.e. the same remote user gets access sometimes, but does not get access other times? If a remote user fails to get access every time, there could be an issue with the firewall rules on their end.

Message 2 of 6
masquerade
Aspirant

Re: Blocking inbound traffic to Port Forwarded Service

Yes, the issues are intermittent, but once it occurs then it doesn't seem to fix itself. It needs me to reboot the router.

 

Yes, it seems to always be the same remote user that gets the problem. And we have tried from multiple devices at the location and all lose access. We've tried them rebooting everything, including their internet router, but nothing fixes it. I've tried rebooting everything on my end (VM host, VM, cable modem) but none of that helps and then as soon as I reboot the Orbi, bam it works again.... for a few weeks. Then the issue seems to pop up again.

Message 3 of 6
CrimpOn
Guru

Re: Blocking inbound traffic to Port Forwarded Service

This is really a stretch......

 

On my old (original) Orbi, there is a choice to Disable Port Scan and DoS Protection.  (Sort of backward.  Should check something to turn it on rather than check a box to turn it off....oh, well.)  Does your Orbi Pro have a similar feature?

 

Since I have no idea what the heck this 'feature' does (or doesn't do), I am wondering if somehow your Orbi has detected too many connection attempts from that remote IP address (which uses Network Address Translation - NAT) to represent the IPs of every computer at the remote location.  ..... and then the Orbi blocks that remote IP.

 

I have Orbi logs emailed to me every time they fill up and keep them. It might be useful to scan a log file and see if that remote IP address appears in the Orbi logs as some sort of Denial of Service attack.

 


 

Message 4 of 6
masquerade
Aspirant

Re: Blocking inbound traffic to Port Forwarded Service

I do have that option, but I'm not sure I would want to disable it altogether. What I really need is a whitelist. And yes, it would be great if there were some documentation on exactly what are the criteria it is using for the 'blocking'.

I think I'll set up a syslog server to capture the logs, and then next time it happens I will at least have something to see, even if there isn't really anything I can do about it given the lack of filtering capabilities of that 'protection'.

Thanks very much for your help, very much appreciated.

Message 5 of 6
CrimpOn
Guru

Re: Blocking inbound traffic to Port Forwarded Service


@masquerade wrote:

I do have that option, but I'm not sure I would want to disable it altogether.


The Orbi firewall does not accept connection attempts from the internet.  The only exceptions are when the user has told the system to.  For example, by activating OpenVPN host.  In previous firmware versions, there was an option to open the Orbi web interface to the internet using an SSL connection to a specific port number. (That option has been removed.)  As far as I can determine, security of the Orbi is independent of this "feature".

 

That's why I think blaming the problem on the DoS protection feature is a stretch.  If the Orbi has detected that IP as a problem, then it should appear in the Orbi log file as the source of an "attack".

 

I do not think that Orbi is capable of using a Syslog server. 

Message 6 of 6
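
The log check suggested in messages 4 and 6, written out as an added example that is not part of the original thread: it scans a saved router log for one remote address and reports whether forwarded connections stop being logged once that address is flagged. The line layout and the event names `DoS Attack` and `LAN access from remote` are assumptions about what the saved log looks like, and the sample lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Assumed line layout (not taken from the thread):
#   [DoS Attack: <type>] from source: <ip>, port <n>, <Weekday>, <Month> <d>, <yyyy> <hh:mm:ss>
#   [LAN access from remote] from <ip>:<port> to <lan-ip>:<port>, <same timestamp format>
LINE = re.compile(
    r"^\[(?P<event>[^\]]+)\]\s+from\s+(?:source:\s*)?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r".*?,\s*(?P<ts>[A-Z][a-z]+, [A-Z][a-z]+ \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\s*$"
)

def scan_log(text, remote_ip):
    """Summarise what the router logged about one remote (public) address."""
    dos = Counter()
    last_forward = first_dos = None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["ip"] != remote_ip:  # exact compare: .7 must not match .70
            continue
        ts = datetime.strptime(m["ts"], "%A, %B %d, %Y %H:%M:%S")
        if m["event"].startswith("DoS Attack"):
            dos[m["event"].split(":", 1)[1].strip()] += 1
            first_dos = ts if first_dos is None else min(first_dos, ts)
        elif m["event"] == "LAN access from remote":
            last_forward = ts if last_forward is None else max(last_forward, ts)
    return {
        "dos_events": dict(dos),
        "first_dos": first_dos,
        "last_forward": last_forward,
        # True when the address was flagged and no forwarded connection was logged afterwards
        "forwards_stop_after_flag": bool(first_dos) and (last_forward is None or last_forward < first_dos),
    }

# Constructed sample log (documentation address ranges, invented timestamps).
SAMPLE = """\
[LAN access from remote] from 203.0.113.7:51234 to 192.168.1.50:8443, Tuesday, April 12, 2022 09:58:11
[LAN access from remote] from 198.51.100.20:40022 to 192.168.1.50:8443, Tuesday, April 12, 2022 10:01:40
[DoS Attack: ACK Scan] from source: 203.0.113.7, port 8443, Tuesday, April 12, 2022 10:15:01
[DoS Attack: ACK Scan] from source: 203.0.113.7, port 8443, Tuesday, April 12, 2022 10:15:03
[DoS Attack: SYN/ACK Scan] from source: 192.0.2.99, port 443, Tuesday, April 12, 2022 10:20:00
[LAN access from remote] from 198.51.100.20:40031 to 192.168.1.50:8443, Tuesday, April 12, 2022 10:30:12
"""

if __name__ == "__main__":
    print(scan_log(SAMPLE, "203.0.113.7"))
```

Running it against the other remote address in the same log gives a baseline: a client that keeps working should show forwarded connections and no DoS entries.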