NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

linutic's avatar
linutic
Aspirant
Aug 30, 2023

Internal Server Error when hostname used

I have configured my RBR750 as an access point with the following IP addresses set as static DHCP addresses in my OpenWRT router.     router: "mesh" 192.168.49.4    satellite: "mesh1" 192.168.4...
linutic's avatar
linutic
Aspirant
Sep 02, 2023

Here's a simplified explanation of what happens with a home router (including an Orbi router) when you enter a URL into your browser.

  • The browser does a DNS request to the router.  The request effectively says:    "What is the IP address associated with this name?"
  • The router gets the request, and checks if the name corresponds to a node on the local network, or is otherwise configured as a special case.  If either is true, it sends the corresponding IP address back to the requesting node.
  • Oftherwise, the name is not local or special. The routers forwards the request to the internet DNS servers and waits for a response.  If the response is successful, the received IP is sent to the browser.  If there is an error, or the request times out, an error response is sent to the browser.

With an Orbi home router, running the factory firmware, the name "orbilogin.net" is recogtnized as a special name, and a special case.  When received, the router sends back its own IP address on the local network.  By default, this is 192.168.1.1, but you can change that.

 

When the browser gets the IP address, it sends an HTTP request to whatever IP address is received.  The HTTP request includes the originally requested name.  The name is used if there are multiple virtual web servers with the same IP address.  This is commonly done where a single computer handles multiple different customers.  For example "landscape-spcialities.com" might be handled by the same computer, at the same IP address as "bills-appliances.com".

 

In the case where the IP address is the address of the router on the local network, it goes to a web server in the router.  The multiple customer case does not apply.  Everything received by the Orbi goes to the same UI, or should, no matter whether the name is "orbirouter.com" or "hows.your.sister" or just an IP address.

 

You can make an argument that an orbi router might check for "routerlogin.com" to detect some sort of error.  It's dubious why you would want that.  For example my internet router has been called "gw" (gateway) for 20+ years, although many different routers from different manufactuers have served that function.  Checking for "routerlogin.com" is just an inconvenient pain-in-the-butt, as far as I am concerned.  My chosen name "gw" would always be rejected.

 

Now checking for "orbirouter.com" on an AP is even worse.  Suppose I use an orbi AP and a seconds Netgear router to get to the internet.  I actually did that for awhile.  The second Netgear router was positioned where the internet came into the house, which was in a far corner in the basement.  A lousy place for a WiFi server.  So I ran an ethernet cable from there to my Orbi AP in the center of the house.  The perfect place place for a WiFi server.

 

What possible good could it have done to have both of these devices named "orbirouter.com".  Why would you want that?   How could that ever work?

 

So this convention in the firmware is not sensible.  It's irritating in the router, and downright stupid in the AP.  It it is deliberate, it indicates that Netgear doesn't understand home network configuration.  If it is a bug, well then all software has bugs, so I can understand that.

 

This is the kind of thing that comes out of Marketing requirments.  Some idiot in the Marketing department (having never configured a network) thinks it is a cool idea, and insists on it in a bug fix meeting.  The software mainteance engineer gets tired of arguing with Marketing, and puts it in.   He forgets to turn it off in AP mode, and that results in this discussion.  Maybe the Marketing guy is smarter this time, and tells the software engineeto take it out everwhere.  Like it was in the first place.  Like it should be.  Or maybe the Marketing guy is just a stupid **bleep**.

 

This sort of thing allowed Scott Adams to make his fortune with Dilbert.

linutic's avatar
linutic
Aspirant
Sep 02, 2023

Using "routerlogin.com" to get to the router is a bad idea in the first place.  It is too easy to misspell.  Common misspellings include "ruterlogin.com", "routerlogon.com" and so forth.

 

Suppose a hacker wants to break into your system.  He registers a few common misspellings of "routerlogin.com".  On each he runs a web page that looks *exactly* like the Netgear login page.

 

You aren't paying attention one day, and you misspell routerlogin.com.  You go to the hacker web page.  You see exactly what you expect to see, so you type in your username and password.  The web server records them, together with your IP address.  Then it redirects you to the correct spelling of "routerlogin.com", which sends you to your router web page.  You figure you misspelled the password, so you enter the information again.  This time it works.  You don't suspect a thing.

 

However now the hacker has everything he needs to break into your router.  From there he can run barefoot through your home network.

 

I never used "routerlogin.com".  I was afraid I would misspell it when I wasn't paying attention.  I used the IP address, or my own simple name for the router.

 

This is a variation on an old trick that dates back at least to 1970s time sharing systems.   It worked them.   It still works.