I want to purchase a Netgear Orbi RBKE963 or the B (black) version. I have one specific requirement:
- Does it support NAT loopback?
I have a Synology NAS with my applications hosted onto it, and currently, my current Virgin Media router doesn't support NAT loopback, so I can't access my WAN addresses on the local network. I have to use my phone (using 4g) to access the sites. This is problematic, because I have services that I want to access locally.
As I was upgrading, I deemed it best to look into mesh networks, because of deadzones in my house, that I could eradicate. Two birds, one stone approach.
I hope you can help me make my purchasing decision.
Re: Is NAT loopback supported on Netgear Orbi RBKE963
Thank you for this.
I believed the same that you do. I believe they haven't updated the KB, because surely a mesh router that is in the £1000 mark would have NAT loopback as standard.
Is there anyway for me to confirm this accurately? Calling Netgear support lines?
Re: Is NAT loopback supported on Netgear Orbi RBKE963
There are people who participate in the forum and have the 960 product. If one of them tests NAT Loopback, I would believe their report over someone in (Kansas?) reading the same Netgear web page we found.
Re: Is NAT loopback supported on Netgear Orbi RBKE963
I do not believe the RBKE963 supports NAT loopback. That was something my previous router, a NetGear R9000 (running dd-wrt, not Netgear's firmware), did support and I was a bit dismayed when it went away upon installation of the Orbi. It wasn't a tragic loss, though, as I only needed to to monitor webcams from my phone when away from home; I had other means to monitor them while in the house.
The remainder of this reply is sort of a rant, so if you're satisfied with the answer, don't feel obligated to read on 😉
My travails with the RBKE963 have forced me to eliminate it as the internet gateway. I'm still using it, but in AP mode. My router is now an OPNSense firewall running on a Dell 7040 SFF PC and I'm absolutely in love with its feature set.
Prior to installing the firewall, I was rebooting the router (RBRE) every 5 to 7 days as IoT devices (smart plugs, switches, appliances, webcams) would randomly drop off the network and refuse to reconnect. A reboot would resolve the issue for another 5 to 7 days.
It's been more than 3 weeks since I installed the firewall and switched the RBRE to AP mode and I haven't had to reboot once.
OPNSense does support hairpinning/loopback and provides a wealth of configuration, management, VPN and reporting options that just don't exist in NetGear's consumer product line. Total cost for the firewall hardware was US$180 (eBay), and the software is free.
There are other options for getting what you want while retaining the Orbi as a router (split DNS using a dedicated DNS resolver such as a PiHole, for example), but they all require dedicated (or at least separate, always-on) hardware.
I do not believe the RBKE963 supports NAT loopback. That was something my previous router, a NetGear R9000 (running dd-wrt, not Netgear's firmware), did support and I was a bit dismayed when it went away upon installation of the Orbi. It wasn't a tragic loss, though, as I only needed to to monitor webcams from my phone when away from home; I had other means to monitor them while in the house.
Could you please describe the specific test which verified that NAT Loopback is not supported on the RBKE963?
For example, on my RBR50 I forwarded HTTP to 192.168.1.4 (an Epson printer), opened Edge, entered http://<my public IP address> and up popped the printer web page. What was your test?
Re: Is NAT loopback supported on Netgear Orbi RBKE963
I configured my phone to connect to my web cams via the public IP and ports, after creating the appropriate NAT rules in the Orbi configuration. I could not connect while attached to the WLAN, but could connect via WAN/4G/5G.
With the new firewall and corresponding NAT rules (and hairpinning enabled) I am able connect using the public address from both WLAN and WAN.
Re: Is NAT loopback supported on Netgear Orbi RBKE963
Thanks for the explanation. Disappointing to be sure. ☹️
I had considered using port forwarding to provide access to security cameras and decided it was "too much detail" for me. Since any given port (or range of ports) can be forwarded to only one internal IP, that meant I would have to define (and remember) separate external port numbers for each camera that would forward to the internal port number on different internal IPs.
Such as, supposing the internal port was 9000:
Camera 1 would be public IP port 9001 forwarded to internal IP port 9000
Camera 2 would be public IP port 9002 forwarded to internal IP port 9000
Camera 3 would be public IP port 9003 forwarded to internal IP port 9000
and so on.
While I am OCD enough to have worked this out and created browser bookmarks for each camera, I was already using the manufacturer's "cloud app" when away from home, so being able to access cameras from home with both LAN IP and NAT Loopback just wasn't worth the effort. I only use NAT Loopback to verify that port forwarding is working.
Appreciate you taking the time to report your results. This still begs the question of why Netgear would remove a feature that existed in every previous router model.
Thanks for the explanation. Disappointing to be sure. ☹️
I had considered using port forwarding to provide access to security cameras and decided it was "too much detail" for me. Since any given port (or range of ports) can be forwarded to only one internal IP, that meant I would have to define (and remember) separate external port numbers for each camera that would forward to the internal port number on different internal IPs.
Such as, supposing the internal port was 9000:
Camera 1 would be public IP port 9001 forwarded to internal IP port 9000
Camera 2 would be public IP port 9002 forwarded to internal IP port 9000
Camera 3 would be public IP port 9003 forwarded to internal IP port 9000
and so on.
While I am OCD enough to have worked this out and created browser bookmarks for each camera, I was already using the manufacturer's "cloud app" when away from home, so being able to access cameras from home with both LAN IP and NAT Loopback just wasn't worth the effort. I only use NAT Loopback to verify that port forwarding is working.
It absolutely was a PITA with the Orbi's NAT configuration page. Slow and cumbersome.
OPNSense allows you to define aliases for ports, port ranges, hosts, address ranges, and other things that make it much simpler to configure NAT and other firewall rules. You can also enable its nginx plug-in as a reverse proxy that lets you route a URL path to a specific IP address/port combination. I haven't actually played with this yet, but I know it's possible.
Appreciate you taking the time to report your results. This still begs the question of why Netgear would remove a feature that existed in every previous router model.
You mean like the ability to assign separate SSIDs to 5GHz and 2.4GHz radios? And network isolation between VAPs*? Nah, they'd never do such a thing ... 😡
* The IoT WLAN is directly connected with the "main" LAN/WLAN. No protection from bargain-priced foreign hardware that might have less than honorable intentions on your network.
Re: Is NAT loopback supported on Netgear Orbi RBKE963
loopback or hairpinning on the rbre960 still not supported even 3/3/2023 firmware upgrade as recent as of this date. you will need to add port forwarding rules to make it work. THIS BLOWS! good mesh router though.
NAT hairpinning, also known asNAT loopback orNAT reflection, is a feature in many consumer routers where a machine on the LAN is able to access another machine on the LAN via the external IP address of the LAN/router (with port forwarding set up on the router to direct requests to the appropriate machine on the LAN). This notion is officially described in RFC 2008)
The way I read this explanation is that NAT Loopback (Hairpinning) provides a mechanism to validate what will happen when a connection arrives at the public IP from the internet without having to "join another network" to find out. (As with my printer experiment.) What is "supposed" to happen when a connection comes from the internet to the router public IP address, port 21 (or 22, 23, 80,443, 9000 etc)? The router does not run an FTP server (and it does not accept connections from the internet anyway). Which local machine does that connection go to? Answer: if a port forwarding rule is in operation, that rule tells the router where the connection goes to (and what port, too). Without port forwarding
It is also not clear (to me) that Netgear has "removed" any capability. Even if it was a Netgear R9000, as message #6 pointed out, that was running DD-WRT software, not Netgear software.
I really wish someone on the forum who has a 960 could take 10 minutes to test NAT Loopback. i.e.
Forward port 80 to something on the LAN that has a web server, such as a printer,
