NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

linutic's avatar
linutic
Aspirant
Aug 30, 2023

Internal Server Error when hostname used

I have configured my RBR750 as an access point with the following IP addresses set as static DHCP addresses in my OpenWRT router.     router: "mesh" 192.168.49.4    satellite: "mesh1" 192.168.4...
CrimpOn's avatar
CrimpOn
Guru - Experienced User
Sep 02, 2023

I fear that the AX series Orbi does not follow the typical procedure when in AP mode. (God knows what it does in router mode, and she's not telling us!)

 

In my test:

  • The RBR750 is AP mode
  • A laptop is connected (Ethernet) to the RBR750.
  • The laptop web browser attempted to connect to http://orbilogin.net 
  • The laptop hosts file did not have an entry for http://orbilogin.net 
  • If a DNS request had been sent through the RBR750 to the primary Orbi router (RBR50), it would have responded with the primary router IP address (192.168.1.1)
  • This would cause the web browser to attempt to connect to the primary Orbi router web site.
  • However, the web connection was made to the RBR750 web server (in AP mode).

Thus, it appears that in AP mode, the AX router series (not the original Orbi products) intercepts and redirects web connections to http://orbilogin.net 

 

p.s. I am SO DISAPPOINTED that Scott Adams lost his cool and Dilbert is no longer available in my daily paper.

 

kotfu's avatar
kotfu
Guide
Sep 26, 2023

Joining this thread after having been directed here from https://community.netgear.com/t5/Orbi-WIFI-6-AX-AND-Wi-Fi-6E-AXE/New-RBR850-RBS850-Firmware-Version-7-2-6-21-Released/m-p/2337089/highlight/true#M49721 by CrimpOn .

 

I also have this same issue, my original description is posted at https://community.netgear.com/t5/Orbi-WIFI-6-AX-AND-Wi-Fi-6E-AXE/New-RBR850-RBS850-Firmware-Version-4-6-14-3-Released/m-p/2284753/highlight/true#M41761.

 

Today I did some packet captures to try and better understand this issue. For context, here's the key parts of my setup:

  • I have a RBR850 and 3 RBS850s. I run the RBR850 in AP mode and it has a single ethernet connection to my network switch. There are no other ethernet cables connected to the RBR850.
  • My RBR850 had an IP address of 192.168.13.11, and a mac address that ends in c7:02
  • My internal network is 192.168.13.0/24.
  • I have a pair of firewall/router machines that run OpenBSD (which is not relevant for this discussion)
  • I run my own DNS servers (i.e. not running on the RBR850): they have an authoritative zone for internal hosts, and resolve all other requests via the root name servers.
  • My internal DNS server resolves ap1.kotfu.net to 192.168.13.11.
  • I know this works because I can ping ap1.kotfu.net and I get responses from 192.168.13.11
  • For this experiment, I accessed the web admin from a computer with an IP address of 192.168.13.25
  • For this experiment, 192.168.13.25 was connected via ethernet only, so there were no relevant packets in this capture transmitted via WiFi, they were all over hardline.

 

Here's the capture of me typing "http://ap1.kotfu.net" into my browser address bar and hitting return:

Here's the capture of me typing "http://192.168.13.11" into my browser address bar and hitting return:

 

Now a couple of observations and a theory.

1. Note that there are no DNS requests made by 192.168.13.11 in any of these packet captures. That's not surprising to me. It means that the RBR either doesn't care about the hostname for the IP address, or it already has it cached. In Access Point mode, the only reason for the RBR to want/need the hostname for an IP address would be to log the hostname in a log file. In the logs available to us, entries include the IP address, not the hostname (i.e. the log entry when you log in to the web console).

2. The only material difference initial packets in the two different captures, is the "Host" header in the HTTP request. When the "Host" header contains an IP address, the web admin pages are served to the client. When the "Host" header contains my hostname "ap1.kotfu.net", the HTTP error 500 is generated.

 

Here's my theory. I don't think it's a DNS issue. My RBR850 can resolve hostnames on my local network, because I have it using an internal time server, and that works fine. Also, the "Host" header is not a DNS thing, it's a HTTP protocol thing. When the RBR850 is in Router mode, two things must happen in order for "orbilogin.net" and "routerlogin.net" to work properly: 1) DNS queries for those domains must resolve to the IP address of the RBR850, and 2) the web server running on that IP address must properly respond based on the contents of the "Host" header. In this case, the RBR850 should serve the same web content regardless of what's in the "Host" header. In my setup, where the RBR850 is in AP mode and I run my own DNS servers, I can already assure that DNS queries for "ap1.kotfu.net" resolve to "192.168.13.11", the IP address of my RBR850. The packet captures above confirm this is true.

 

That means there must be a problem with the second condition. My guess is that when you switch to AP mode, the RBR850 puts a different web server configuration file in place (or applies some edits in place to the config file already there). The web server configuration in AP mode seems to have an error in how it handles the "default server". This configuration error causes the web server to return HTTP code 500.

 

EDIT: further experimentation reinforces this theory. By tinkering with the hosts file on the machine running your web browser, you can make several entries which point to the IP address of the RBR850. I added:

192.168.13.11	someserver.com
192.168.13.11	routerlogin.net
192.168.13.11 	orbilogin.net

When I use the hostnames that we know are configured in the web server on the RBR850, ie "routerlogin.net" and "orbilogin.net", the web page loads fine. When I use "someserver.com", I get the HTTP 500 error.