Orbi WiFi 7 RBE973
Reply

Re: RBR850: Remote Management and Port Forwarding

magoldsm1
Aspirant

RBR850: Remote Management and Port Forwarding

I just installed an RBR853 system, replacing my RBR50, so I have some familiarity with ORBI.  Ihave set up port 80 forwarding to a specific machine on my network (VAULT).  My public IP address is XXX.XXX.XXX.XXX.  I have 3 problems, which may be related.

 

  1. When port forwarding is disabled, accessing http://XXX.XXX.XXX.XXX:80 via a browser sends me to the ORBI remote management interface, even if I explicitly disable it!
  2. When port forwarding is enabledhttp://XXX.XXX.XXX.XXX:80 correctly sends me to VAULT's IIS server on all machines on my network except VAULT itself.  Trying to access http://XXX.XXX.XXX.XXX:80 from VAULT times out.
  3. Regardless of the state of port forwarding, accessing https://XXX.XXX.XXX.XXX sends me to the ORBI remote management interface, even if I explicitly disable it.

Accessing the ORBI via http://machine.com:8443, as recommended by the Remote Management page respects the setting of "Turn Remote Management On.  Disabling Anywhere Access via the ORBI app on my iPhone has no effect on any of the above behaviors.

 

Problems 1&3 are security risks if a user sets a weak password thinking that only machines inside the firewall can access the router (admittedly a poor choice, but users will be users).

 

Problem 2 breaks assumptions made by the software running on VAULT and makes it impossible use this machine as it is intended and as it worked with my previous ORBI system.

 

Thanks in advance for any help that may be rendered!

 

Michael

 

Message 1 of 7
Mikey94025
Hero

Re: RBR850: Remote Management and Port Forwarding

I suspect you're trying this access using your public IP on your home network.  What happens when you try it outside your network?  Your security concerns for #1 and #3 matter if the access works the same outside your network.

 

I have Double NAT on my home network right now so my public IP goes to my ISP modem's admin page if within my home network, but does not work the same if I connect to a different network (e.g., hotspot from my mobile phone) so there is no actual security concern or risk of outsiders accessing internal admin sites.

Message 2 of 7
Mikey94025
Hero

Re: RBR850: Remote Management and Port Forwarding

Incidentally, this NAT Loopback behavior was only recently supported by RBR850: https://kb.netgear.com/000049578/Which-NETGEAR-routers-support-NAT-loopback

Message 3 of 7
FURRYe38
Guru

Re: RBR850: Remote Management and Port Forwarding

What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?


@magoldsm1 wrote:

I just installed an RBR853 system, replacing my RBR50, so I have some familiarity with ORBI.  Ihave set up port 80 forwarding to a specific machine on my network (VAULT).  My public IP address is XXX.XXX.XXX.XXX.  I have 3 problems, which may be related.

 

  1. When port forwarding is disabled, accessing http://XXX.XXX.XXX.XXX:80 via a browser sends me to the ORBI remote management interface, even if I explicitly disable it!
  2. When port forwarding is enabledhttp://XXX.XXX.XXX.XXX:80 correctly sends me to VAULT's IIS server on all machines on my network except VAULT itself.  Trying to access http://XXX.XXX.XXX.XXX:80 from VAULT times out.
  3. Regardless of the state of port forwarding, accessing https://XXX.XXX.XXX.XXX sends me to the ORBI remote management interface, even if I explicitly disable it.

Accessing the ORBI via http://machine.com:8443, as recommended by the Remote Management page respects the setting of "Turn Remote Management On.  Disabling Anywhere Access via the ORBI app on my iPhone has no effect on any of the above behaviors.

 

Problems 1&3 are security risks if a user sets a weak password thinking that only machines inside the firewall can access the router (admittedly a poor choice, but users will be users).

 

Problem 2 breaks assumptions made by the software running on VAULT and makes it impossible use this machine as it is intended and as it worked with my previous ORBI system.

 

Thanks in advance for any help that may be rendered!

 

Michael

 


 

Message 4 of 7
magoldsm1
Aspirant

Re: RBR850: Remote Management and Port Forwarding

 I suspect you're trying this access using your public IP on your home network. 

 

True.  However from ALL machines on the home network except VAULT, the access succeeds.  It only fails from VAULT (which is the target of the port forwarding.

 

What happens when you try it outside your network? 

 

Works fine from outside.

 

Your security concerns for #1 and #3 matter if the access works the same outside your network.

 

Hadn't thought of this.  From outside the home network (cellular on my iPad), the router respects the enabled/disabled status.  That's good!

 

Thanks,

Michael

 

Message 5 of 7
magoldsm1
Aspirant

Re: RBR850: Remote Management and Port Forwarding


@FURRYe38 wrote:

What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?


 


Firmware is V3.2.16.6_1.4.4, which Administration/Update page reports as "No New Firmware Available".

 

Arris SURFboard SB8200 (supplied by me, not ISP.  But is on ISP's approved list).  This is the same modem I was using with my RBR50 router.  All was working fine with the RBR50.  It was after upgrading to RBR850 that my woes began.

 

 

Thanks,

Michael

 

Message 6 of 7
magoldsm1
Aspirant

Re: RBR850: Remote Management and Port Forwarding

Based on testing after @Mikey94025's suggestion, I would say I am down to a single error: Error #2 from my original post:

 

 

Thanks to all who have replied thus far!

 

Michael

 

 

 

Message 7 of 7
Top Contributors
Discussion stats
  • 6 replies
  • 3436 views
  • 0 kudos
  • 3 in conversation
Announcements

Orbi 770 Series