More info on efforts to get orbi RBR750 working for wifi and ethernet.
This is basically a summary of a few weeks of trying to get an Orbi RBR750 to add a wifi hotspot to our household's collection of computers and other gadgets. I've got some interesting data on success vs failure over the past few days. It started with an experiment with turning off the Security Options setting. This seemed to have no effect on the total failure to get incoming connections through to our wired web server on an ethernet cable plugged into the Orbi.
It changed when I made one simple change: I have two 3 Macbooks (of 3 ages), and I'd been using 2 of them as development devices for our web server (which mostly serves up our music to the outside world). Meanwhile, I was trying to find a way to tell the Orbi to pass outside connections to our main web server on a ubuntu linux box, with total failure. As an experiment, I switched the port forwarding setting for port 80 to point to one of the Macbooks, which were connected via wifi. It worked! The web server on the Macbook started getting connections from the outside world, and answering the incoming requests.
Watching this for a while, I switched the port 80 forwarding back to the wired linux box - and the outside connections instantly dropped to zero. I verified that I could access its server on port 80 from the wifi-only gadgets. So I switched it back to the Macbook, and our server was online again.
Note that meanwhile, ssh links from the Macbooks to each other and the linux box all worked, and they were using the Orbi for that. It seemed to be only port 80 that had been blocked.
Then I made another very simple change: I turned the Security Option back on, to the WPA-PSK [TKIP] + WPA2-PSK [AES] setting. Instantly, all communication between my Macbooks and the linux server halted. All the logged-in links between the Macbooks and each other , and with the linux box, went dead.
After poking around at them for a while, trying the other Security Option settings, and getting total failure to communicate (but with all gadgets still able to connect to the outside world), I turned the Security Option back to None, and all their communication with each other came back to life, along with incoming web server requests working again.
So the summary seems to be: The Orbi mostly permits gadgets inside its wifi bubble to talk to the outside world. It doesn't permit connections from the outside world to a "wired" local machine under any circumstances, no matter how you play with Port Forwarding. If you turn on the Security Option, all communications between "inside" machines ceases, and only connections to the outside world are permitted.
Conclusion: The Orbi RBR750 is rather unsuited for organizations (or homes) that need a router interconnect all the local devices, plus a web server to present a secured face to the outside world.
I'm sorta hoping someone can explain to me why I'm, wrong. 😉
(And obviously I haven't tried all possible combinations of available settings. It's only been a few weeks, after all. But it shouldn't take weeks to set up such a configuration.)
Re: More info on efforts to get orbi RBR750 working for wifi and ethernet.
WiFi security options control how WiFi devices connect to the network. They have nothing to do with Ethernet (wired) connections.
If forwarding port 80 to the Linux box does not work, I would look at the Firewall settings on the Linux machine. Windows Firewall, for example, clearly has different rules for 'private' (local LAN) and 'public' (internet) access. Just because a web server can be accessed from the LAN does not guarantee that it can be accessed from the internet.
True, the 750 may be 'different', but I forward port 80 to a wired computer on my ancient RBR50 all the time.
Re: More info on efforts to get orbi RBR750 working for wifi and ethernet.
... and posting that last message got a page saying that content from earlier was saved, and did I want to reload it? I hit the Reload choice and it showed me the first sentence of my earlier reply:
Hmmm ... On the linux (web serer) box the "ufw status" says the firewall is "inactive", which seems to mean it's not blocking anything.
Re: More info on efforts to get orbi RBR750 working for wifi and ethernet.
(The forum introduces new topics every day... Thanks for bringing up ufw.)
Linux is a bit of a mystery (to me). Do the results from sudo ufw status match the results from sudo iptables -S ?
On the topic of WiFi security: leaving the primary WiFi on "None" invites anyone to use your WiFi to access the internet. Probably not what you want in the long run. The recommended security setting is WPA-PSK. The other option is for when there are old WiFi devices which do not support WPA-PSK.
When port 80 is forwarded to the IP address of the Linux server, what does ShieldsUp! show for your network?
Re: More info on efforts to get orbi RBR750 working for wifi and ethernet.
Here's the results of those commands on the (wired) linux server:
kendy:/home/jc: sudo ufw status
[sudo] password for jc:
Status: inactive
kendy:/home/jc: sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
kendy:/home/jc:
(And I wonder why all this is double spaced.;-) Anyway, right now the ShieldsUp! link shows me: "###-###-###-###.c3-0.wth-ubr1.sbo-wth.ma.static.cable.rcn.com, which doesn't seem to say anything about internal settings, since it lacks port numbers and/or identifying information about internal gadgets. But I'll try editing the appropriage port-forwarding item ... Yep; changing port 80 to point to the (wired) linux box causes a handy browser to report that the server isn't responding. Changing it back to forward port 80 to the (unwired) Macbook gets an instant reply, and its apache2 log shows the request. The above ShieldsUp! string stays unchanged during all this.
One problem I see is that I don't think I understand those two commands above, or their replies. I can't quite tell f(rom the docs I found) what they're telling me. They seem to say that some things are accepted, but not by who, but the "inactive" would seem to say that something isn't accepting anything. Is there a doc around that might clarify this?
