× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
× Introducing the new Orbi 770 Series Mesh System. To learn more click here.
Orbi WiFi 7 RBE973
Reply

Re: Outbound traffic to Amazon space

FURRYe38
Guru

Re: Outbound traffic to Amazon space

So whats the PA-220 connected to for your ISP services? 

 

Ya I agree, seem like way to much data flow and traffice for just a wifi router system. It's disaapointing. Smiley Frustrated

Message 26 of 41
1qwerty1
Tutor

Re: Outbound traffic to Amazon space

It is a small firewall made by Palo Alto Networks:

https://www.paloaltonetworks.com/network-security/next-generation-firewall/pa-220

 

The PA gives those away to customers who under active contract with them.

 

Yes, this is disappointing how much Netgear is siphoning data from/to us.

 

Message 27 of 41
FURRYe38
Guru

Re: Outbound traffic to Amazon space

So does this firewall interface with a modem or ONT or just direct to a ISP service port? 

Message 28 of 41
1qwerty1
Tutor

Re: Outbound traffic to Amazon space

It is a Spectrum cable modem, with coax on wan and one LAN rj-45 port for my firewall, the modem is in the bridge modem giving me a DHCP assigned public IP address.

Message 29 of 41
FURRYe38
Guru

Re: Outbound traffic to Amazon space

There a model # of the modem? 

Message 30 of 41
1qwerty1
Tutor

Re: Outbound traffic to Amazon space

Message 31 of 41
FURRYe38
Guru

Re: Outbound traffic to Amazon space

Great a rebadged modem. LOL. 

Does the 192.168.100.1 work to access the modems web page? Not sure if this model has one or not. 

Message 32 of 41
1qwerty1
Tutor

Re: Outbound traffic to Amazon space

The modem responds from my firewall to pings on 192.168.100.1. Later I might attach directly an ethernet cable from my laptop to the LAN side and try opening the modem's diag page (hopefully, Spectrum hasn't blocked access to it).

 

The interesting part is that my Orbi router has never been connected to the Spectrum, it was configured as wireless AP from the start, and so logically it has no knowledge of outside IP addressing (it sits on 10.x.x.x space).

 

Message 33 of 41
FURRYe38
Guru

Re: Outbound traffic to Amazon space

Regardless of IP address space, mode modem web pages are accessible from the LAN side of the fence. Unless your firewall is blocking in some manor. The 192.168.100.1 doesn't have to be on the same subnet for this page to be accessible. I can access my modem from my PC which is on a 192.168.77.1 address anytime. 

Message 34 of 41
1qwerty1
Tutor

Re: Outbound traffic to Amazon space

Agreed. The internal IP on the modem's LAN side is almost like an 'alias' from the FreeBSD world allowing multiple IPs to be attached to one physical interface.

 

The issue I mentioned before is about my Orbi router, 10.55.55.10, pinging once a day 192.168.100.1. How does the Orbi know that IP?

 

Message 35 of 41
FURRYe38
Guru

Re: Outbound traffic to Amazon space

Possible default ping trace since the 192.168.100.1 is a well known default IP address from some modems. 

Or some latent ping from prior owner. Hard to say. 

When you get time to set aside, try the reset, reload and reset then see if the 100.1 trace is still being picked up. 

Message 36 of 41
FURRYe38
Guru

Re: Outbound traffic to Amazon space

Question, just curious if you have tried Voxels FW on your Orbi 50 series. Do you still see same IP address trace? 

Would be good to see if your Firewall still sees all those addresses you listed for out bound traffic still happening with his FW. Something Voxel might be able to help with. Depends on where that is coming from, NG non GPL code or NG open GPL code. 

Message 37 of 41
1qwerty1
Tutor

Re: Outbound traffic to Amazon space

My units are RBR20/RBS20 configured in AP mode. No, I haven't tried voxel's brew ( will it even work on RBR20?). By looking at their notes, this looks like Debian's UFW (iptables based) firewall.

 

To be honest, my Orbis have been stable for over a month, I probably won't be testing any firewall module on them.

Message 38 of 41
FURRYe38
Guru

Re: Outbound traffic to Amazon space

Ah, ok, I didn't know you had the 20 series. His FW is only for the 50 series. Smiley Wink

 

Ya, keep whats working if it's all good. 

Message 39 of 41
MNuser
Aspirant

Re: Outbound traffic to Amazon space

Hi!

I've been toggling between a few threads as I try to figure out exactly why we keep bumping up against our Xfinity data limit suddenly.  My story seems similar to others.  We have a Netgear C6250 AC1600 modem with its only connection to the RBR50 Orbi router (with 2 satellites placed upstairs and in the basement).  Our data usage was around 400-500 GB for as long as I can remember.  Then suddenly in July, we got an email that we were close to our 1.2 TB limit.  What?!  Our usage should have been LESS since the kids had finished (virtual) school and we were on devices less.  We did discover that someone had hacked our Xfiniity account and added themselves as a user.  We got that removed and reset our passwords to EVERYTHING (including resetting the modem and router and re-adding every attached device one by one so we could ensure we knew what it was).  But same "almost overage" issue in August.  And now we're in September and still struggling.  I HATE that I can't see WHICH darn device is using the data.  We've done all the usual "recommended" things: stop videos from auto-playing, ensure there isn't any 4K streaming (no devices in our home support it so it shouldn't be an issue anyway), stop "auto" updates for the Xbox, turn off the "snapshot capture" in Ring.

 

I HATE that we can't see which device is the culprit! My son built a raspberry pi top computer a couple of years ago and I was reading about the "pi-hole". I'm not super tech savvy but I am good at following directions.  I saw a post on another thread from you talking about "access to pi-hole and using it as internal DNS server ..." with more details.  Should I be doing/trying this? I can log direclty into the modem and there is spot to block "stuff" (I say "stuff" b/c I am not quite clear if it's websites that I need to be blocking or something else and if this would accomplish the same task without going through the process of creating a pi-hole).

 

Is there anything I can buy that I could connect to the orbi that would show this detail? I feel like if i can pinpoint which device it is, I can delve deeper into that device to figure out what is going on.  I can't do the "disconnect everything" for long periods because everyone is working and doing school from home so there is a LOT of panic whenever the wifi goes down.  I'd love some advice!!

Model: C6250|AC1600 WiFi Cable Modem Router, RBR50|Orbi AC3000 Tri-band WiFi Router
Message 40 of 41
1qwerty1
Tutor

Re: Outbound traffic to Amazon space

You can use your piHole as an internal DNS server/resolver for _only_ your Orbi unit(s). Configure the piHole to blacklist the domain names I previously mentioned in this thread. Point your Orbi's DNS server setting to the piHole's IP address. This way any name resolution that Orbi is doing will be intercepted/resolved by piHole.

 

piHole's graphical interface has basic logs and a nice dashboard. Once you changed the Orbi's DNS IP address, take a mental snapshot of how many times piHole blocked queries before and after to get an idea. There is also a separate graph/table in piHole, called 'Top Clients (Blocked Only)' and 'Top Clients (Total)' which most likely will point at the Orbi's IP address as the biggest abuser.

 

Once you get comfortable with piHole as your DNS server, you can change your DHCP settings on your WiFi/DSL/Cable modem/router to use piHole's IP as a DNS server for the rest of your home users. piHole is great at blocking ads, malware infected domains etc.

 

There will be some learning curve to understand why access to some web site is not working. The piHole's logs will show which names the local clients are trying to resolve. It will show allowed and blocked resolution logs. Btw, if you had little kids at your house and wanted to restrict access to some web sites, piHole can be used for parental controls as well.

Message 41 of 41
Top Contributors
Discussion stats
  • 40 replies
  • 6561 views
  • 2 kudos
  • 5 in conversation
Announcements

Orbi 770 Series