- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
RBR850: Remote Management and Port Forwarding
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
RBR850: Remote Management and Port Forwarding
I just installed an RBR853 system, replacing my RBR50, so I have some familiarity with ORBI. Ihave set up port 80 forwarding to a specific machine on my network (VAULT). My public IP address is XXX.XXX.XXX.XXX. I have 3 problems, which may be related.
- When port forwarding is disabled, accessing http://XXX.XXX.XXX.XXX:80 via a browser sends me to the ORBI remote management interface, even if I explicitly disable it!
- When port forwarding is enabled, http://XXX.XXX.XXX.XXX:80 correctly sends me to VAULT's IIS server on all machines on my network except VAULT itself. Trying to access http://XXX.XXX.XXX.XXX:80 from VAULT times out.
- Regardless of the state of port forwarding, accessing https://XXX.XXX.XXX.XXX sends me to the ORBI remote management interface, even if I explicitly disable it.
Accessing the ORBI via http://machine.com:8443, as recommended by the Remote Management page respects the setting of "Turn Remote Management On. Disabling Anywhere Access via the ORBI app on my iPhone has no effect on any of the above behaviors.
Problems 1&3 are security risks if a user sets a weak password thinking that only machines inside the firewall can access the router (admittedly a poor choice, but users will be users).
Problem 2 breaks assumptions made by the software running on VAULT and makes it impossible use this machine as it is intended and as it worked with my previous ORBI system.
Thanks in advance for any help that may be rendered!
Michael
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RBR850: Remote Management and Port Forwarding
I suspect you're trying this access using your public IP on your home network. What happens when you try it outside your network? Your security concerns for #1 and #3 matter if the access works the same outside your network.
I have Double NAT on my home network right now so my public IP goes to my ISP modem's admin page if within my home network, but does not work the same if I connect to a different network (e.g., hotspot from my mobile phone) so there is no actual security concern or risk of outsiders accessing internal admin sites.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RBR850: Remote Management and Port Forwarding
Incidentally, this NAT Loopback behavior was only recently supported by RBR850: https://kb.netgear.com/000049578/Which-NETGEAR-routers-support-NAT-loopback
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RBR850: Remote Management and Port Forwarding
What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?
@magoldsm1 wrote:I just installed an RBR853 system, replacing my RBR50, so I have some familiarity with ORBI. Ihave set up port 80 forwarding to a specific machine on my network (VAULT). My public IP address is XXX.XXX.XXX.XXX. I have 3 problems, which may be related.
- When port forwarding is disabled, accessing http://XXX.XXX.XXX.XXX:80 via a browser sends me to the ORBI remote management interface, even if I explicitly disable it!
- When port forwarding is enabled, http://XXX.XXX.XXX.XXX:80 correctly sends me to VAULT's IIS server on all machines on my network except VAULT itself. Trying to access http://XXX.XXX.XXX.XXX:80 from VAULT times out.
- Regardless of the state of port forwarding, accessing https://XXX.XXX.XXX.XXX sends me to the ORBI remote management interface, even if I explicitly disable it.
Accessing the ORBI via http://machine.com:8443, as recommended by the Remote Management page respects the setting of "Turn Remote Management On. Disabling Anywhere Access via the ORBI app on my iPhone has no effect on any of the above behaviors.
Problems 1&3 are security risks if a user sets a weak password thinking that only machines inside the firewall can access the router (admittedly a poor choice, but users will be users).
Problem 2 breaks assumptions made by the software running on VAULT and makes it impossible use this machine as it is intended and as it worked with my previous ORBI system.
Thanks in advance for any help that may be rendered!
Michael
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RBR850: Remote Management and Port Forwarding
I suspect you're trying this access using your public IP on your home network.
True. However from ALL machines on the home network except VAULT, the access succeeds. It only fails from VAULT (which is the target of the port forwarding.
What happens when you try it outside your network?
Works fine from outside.
Your security concerns for #1 and #3 matter if the access works the same outside your network.
Hadn't thought of this. From outside the home network (cellular on my iPad), the router respects the enabled/disabled status. That's good!
Thanks,
Michael
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RBR850: Remote Management and Port Forwarding
@FURRYe38 wrote:What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?
Firmware is V3.2.16.6_1.4.4, which Administration/Update page reports as "No New Firmware Available".
Arris SURFboard SB8200 (supplied by me, not ISP. But is on ISP's approved list). This is the same modem I was using with my RBR50 router. All was working fine with the RBR50. It was after upgrading to RBR850 that my woes began.
Thanks,
Michael
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RBR850: Remote Management and Port Forwarding
Based on testing after @Mikey94025's suggestion, I would say I am down to a single error: Error #2 from my original post:
- When port forwarding is enabled,http://XXX.XXX.XXX.XXX:80 correctly sends me to VAULT's IIS server on all machines on my network except VAULT itself. Trying to access http://XXX.XXX.XXX.XXX:80 from VAULT times out.
Thanks to all who have replied thus far!
Michael
• Introducing NETGEAR WiFi 7 Orbi 770 Series and Nighthawk RS300
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more