×

Introducing the Orbi 970 Series Mesh System with WiFi 7(BE) technology. For more information visit the NETGEAR Press Room.

Orbi WiFi 7 RBE973
Reply

Help Needed: Port Forwarding

ShieldsUp
Aspirant

Help Needed: Port Forwarding

Hi All,

 

I'm having issues with port forwarding, scanner tool shows ports are closed/filtered. Here is my setup...

 

Physical Setup

  • AT&T Gateway BRGW10
  • Orbi RBR50 Router
    • Connected to AT&T Gateway
      • Router Internet port to a Gateway port
    • Connected to an unmanaged Switch
      • Open Router port to open Switch port
  • 2 Satellites
    • Connected to the above unmanaged Switch
      • Open Satellite port to open Switch port

Device Configurations

  • AT&T Gateway BRGW10
    • Firewall Settings:
      • Packet Filtering disabled
      • All services deleted from NAT/Gaming
      • IP Passthrough
        • Allocation Mode: Passthrough
        • Passthrough Mode: DHCPS-fixed
        • Passthrough Fixed MAC Address: MAC address of the Orbi RBK50 Router
      • Firewall Advanced: everything off
  • Orbi RBR50 Router
    • Router / AP Mode: Router Mode
    • Internet Setup:
      • Internet IP Address: Get Dynamically from ISP
      • Domain Name Server (DNS) Address: Get Automatically from ISP
      • Router MAC Address (Use Default Address)
    • WAN Setup:
      • Disable Port Scan and DoS Protection: false
      • NAT Filtering: Secured
    • Port Forwarding / Port Triggering
      • Port Forwarding
        • Service #1
          • External Port Range: 49152-49160
          • Internal Port Range: same as External Port Range
          • Internal IP Address: [IP of device needing this port open]

All devices connected to the Router and Satellite (wired and wireless) accesses the Internet just fine. I've confirmed Ethernet Backhaul via the Orbi app.

 

I attempted to scan for open ports using pentest-tools.com and ipfingerprints.com. pentest-tools advises that the "host seems down" and ipfingerprints advises the ports in this range are filtered.

 

Any help or advice would be greatly appreciated!

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 1 of 8
FURRYe38
Guru

Re: Help Needed: Port Forwarding

Did you disable uPnP before setting up your PF configurations? 

 

ALso you need to be actively using those ports before trying to check the status of them. They will remain closed until they are used. 

Message 2 of 8
CrimpOn
Guru

Re: Help Needed: Port Forwarding


@ShieldsUp wrote:
I attempted to scan for open ports using pentest-tools.com and ipfingerprints.com. pentest-tools advises that the "host seems down" and ipfingerprints advises the ports in this range are filtered.

Assuming that the service is up and running, are you able to access it from a computer on the local LAN?

When you access pentest-toos and ipfingerprints, do they show your public IP address as the same as the Orbi WAN IP?

When you do a trace route from a computer on the local LAN to some known IP, such as Google's DNS 8.8.8.8, the first router should be the Orbi's private IP (usually 192.168.1.1), is the second router a public IP address?

Message 3 of 8
ShieldsUp
Aspirant

Re: Help Needed: Port Forwarding

Yes, UPnP was disabled, then I created the PF. I've test scanned with UPnP remaining disabled and with it renabled and the ports still appear to be closed.

 

I thought Port Forwarding keeps the ports open constantly while Port Triggering only opens when they are actively in use, no?

Message 4 of 8
FURRYe38
Guru

Re: Help Needed: Port Forwarding

No. PF just configures the port for open when something accesses the port. The port is closed until something accesses the port, like an app or device. The port needs to be access fully to check its status correctly. Security wouldn't be good if the port was open and nothing wasn't accessing it. 

Message 5 of 8
ShieldsUp
Aspirant

Re: Help Needed: Port Forwarding

Ah, good idea on the local test. I am unable to test at the moment, but will do so later this evening.

Yes, both sites show the same IP as my Orbi WAN IP and AT&T Broadband IP. 

When tracert to 8.8.8.8, the first hop is the Orbi's private IP (10.0.0.1 in this case) and second hop is ATT GW's private IP (192.168.1.254). From there, my ISP and then onwards.

Message 6 of 8
CrimpOn
Guru

Re: Help Needed: Port Forwarding


@ShieldsUp wrote:

Ah, good idea on the local test. I am unable to test at the moment, but will do so later this evening.

Yes, both sites show the same IP as my Orbi WAN IP and AT&T Broadband IP. 

When tracert to 8.8.8.8, the first hop is the Orbi's private IP (10.0.0.1 in this case) and second hop is ATT GW's private IP (192.168.1.254). From there, my ISP and then onwards.


I think this is the problem.  The gateway is NATing (is that a word?), which absolutely kills port forwarding.  To verify, the WAN side of the Orbi probably has a 192.168 IP address, correct?

Message 7 of 8
ShieldsUp
Aspirant

Re: Help Needed: Port Forwarding

@FURRYe38 Right, the port remaining open without anything accessing it is definitely not good security. I thought this was the reason Port Triggering was created. In any case, I will test again this evening while the local device is attempting to actively listen.

 

@CrimpOn I'll consider it a word (network address translatingSmiley Tongue The WAN side of the Orbi is showing my public IP. It is the same public IP on my ATT GW.

 

On the ATT GW, it is assigning 192.168.1.64 - 192.168.1.253. However, I see it is assigning the Orbi the same public IP above.

Message 8 of 8
Top Contributors
Discussion stats
  • 7 replies
  • 1940 views
  • 0 kudos
  • 3 in conversation
Announcements

Orbi WiFi 7