Orbi port forwarding still fails

What are your results for the canyouseeme.org step #1 of the community faq?

Also, do you have Double NAT (step #2)?  I don't see why that would cause your problems but it's still good to know.  If you do have it, then removing it is an easy test to see if it resolves your port forwarding issue.  For example, change your Orbit to Access Point mode (AP).

---

@jc1742 wrote:

I also have a part of my web site installed on a machine at mit.edu, where I have an account, and when I use its name or address in the URL, I get a reply (and the logs on that machine show details of the contact

---

Universities that were early participants in the Internet often got allocated large numbers of IP addresses. (The university I worked at was allocated a Class B address space, i.e. 16,384 unique IP addresses.)  If MIT is even remotely similar, then every computer at MIT might have a unique IP address which can be reached from the Internet.

This is dramatically different from the typical residential customer, who is allocated only one public IP address, and the router uses Network Address Translation (NAT) so that all the individual devices 'behind' the router can access the internet while pretending to come from that single public IP.

Port forwarding in this situation works only when the router has a true "public" IP address, and is not hidden behind another router.  As @Mikey94025 pointed out, this looks more and more like the Orbi router is 'behind' another router and thus port forwarding on the Orbi cannot function because the first router is not allowing connections to reach the Orbi.

Yesterday I called our ISP (RCN), and among other things, asked whether the modem they installed in our house was a router, and both the people I talked to said it wasn't.  Also, you'd expect our old  wifi gadget (Apple's Airport Extreme) would have similar problems, and it did port forwarding (and/or connection forwarding) without any problems.  One thing we did with it was to hook it up to a Netgear 5-port switch, and we had several computers linked there; the Airport handled both incoming and outgoing connections to several remote sites, including multiple ssh links simultaneously.  (But it's getting a bit old and feeble, which is why we got the Orbi. 😉

I did also spend a day switching back to the Airport.  It still works and passes incoming connections to the gadgets on our local ethernet without problems.  Then I switched back to the Orbi, and tried to set it up the same, but it doesn't seem to do incoming connections.

I wonder what else I might do to try to pin down the source of the problem.  I also see a lot of others here that are having similar problems.  But  I'm still trying to learn how the Netgear Community thing works. 😉  So I haven't had much success finding informative answers to the  others' questions, so far. Also, earlier today I lost a couple of hours dealing with orbilogin,com and the orbi app, both of which were rejecting all my passwords, and suggesting I read a doc on how to do a factory reset. I  did one a few days ago, actually, so I ignored it, and then suddenly all the poaswords worked again. Hmmm ...

And MIT does have the entire 18.* chunk of addresses.  So far, that's been enough for unique addresses for each gadget, though they don't always do it that way.  MIT is an education and research org, of course, so their people want to experiment with and learn about everything going on elsewhere.  There are lots of labs set up with their own subnet and only one or a few addresses, for the purpose of learning to deal with such things out in the Real World where they might eventually be working. They also encourage buying new things with new software, so their people can report all the problems they find. As a result, it can be a messy place to be trying to do things. 😉

Not that RCN technical support could ever be misinformed, what is the specific model of modem that was supplied (perhaps from the product label)?

An easy (and quick) test is to look at the IP address reported on the Orbi web browser interface, Advanced Tab, in the box labeled "Internet"

When this IP is obviously not a "Private IP Address", then there is not a router between the Orbi and the Internet.

https://en.wikipedia.org/wiki/Private_network 

I'm trying to reconcile this with the previous discussion regarding security warnings from web browsers:

https://community.netgear.com/t5/Orbi-WiFi-6-AX-and-WiFi-6E-AXE/Orbi-RBR750-port-forwarding-rejects-... 

In that discussion, my understanding was that web browsers were able to connect to this web server, but complained about it being http.  In other words, Port Forwarding got the connection to the right place, but the web server was not happy.

Is this the same scenario?

---

@Mikey94025 wrote:

What are your results for the canyouseeme.org step #1 of the community faq?https://community.netgear.com/t5/Orbi-WiFi-6-AX-and-WiFi-6E-AXE/Community-FAQ-My-Orbi-speeds-are-slo...

 

Also, do you have Double NAT (step #2)?  I don't see why that would cause your problems but it's still good to know.  If you do have it, then removing it is an easy test to see if it resolves your port forwarding issue.  For example, change your Orbit to Access Point mode (AP).

---

Follow these steps and report the results here.  It will confirm without a doubt whether you have Double NAT and then we can advise on how to proceed.

Your old router may have had port forwarding rules or such that make it work whereas your Orbi does not.  Routers are not interchangeable because they have stateful config.

Hey, how could you doubt the total knowledge and honesty of RCN's tech support? ;I

Anyway, that box was labelled a bit differently, in my window it's the ADVANCED tab, in the INTERNET PORT box.  (There was some confusion here a few days ago, with things labelled ADVANCED and Advanced, with or without a second word, and some of them were labelled differently on various people's screens.)  

But the IP Address field I see has the value 207.172.223.184, which is our home's IP address. I'm guessing that it's what you might call a "Public Address", in contrast with the Orbi's addresses in the 192-192.168.*.* range.  There's varied terminology there, too, with 207.172.223.184 being called a "routable" address in some docs, and 192.168.1.1 called "unroutable".  There are growing communication problems with Internet terminology growing more variable in the commercial world, so we folks who've been doing Internet programming for a few decades can sometimes have problems decoding a lot of the current "new, improved" terminology. 😉  (But I might agree that some of it might be better terminology.)

In any case, I've heard complaints about servers using http rather than https, but so far only from humans. I haven't seen any diagnostics that mention it. I just shrug, as I see value in both of them. I've experimented a lot with changing the setting in the Orbi apps, and I saw both ports 80 and 443 mentioned in some of them  But so far I haven't seen any complaints with my Port Forwarding settings.  They're accepted by the Orbi apps without complaints.  But they simply fail without any visible error messages when I use my cell phone (or mit.edu account) to try to ge my site's content.

So is there a way to make the computers involved (especially any router along the path) give me running commentary on what's happening? As far as I can tell, they're all rather silent, perhaps not wanting to admit to their failures.

BTW, one of the RCN guys I talked to did some querying of our house, and was able to get identifying info from their modem and the Orbi router, but no further.  This sorta implies that it's the Orbi that's the dead end.  I'm wondering if what's needed is to turn off some of the "safety" features, if what's happening is that http is being (silently) blocked because someone thinks it's not "safe".  I'm not worried about people intercepting my content, since it's there so that anyone can read it.

---

@jc1742 wrote:
So is there a way to make the computers involved (especially any router along the path...

---

Thanks for verifying that the Orbi is connected to the internet with a public IP address.  (Not entirely sorry to have impugned the RCN tech support staff, considering the quality of responses I have seen from other vendors.)

 

Yes.  When a port is forwarded through the Orbi router to a host on the LAN, the Orbi log will have an entry for each internet address that connects.  Just now, I forwarded port 80 to a Pi-Hole server on the LAN at 192.168.1.30.

 

Disconnected my smartphone from WiFi to use LTE and opened a web browser to http://<public ip of router> 

This entry appeared in the Orbi log:

[LAN access from remote] from 45.95.147.49:54336 to 192.168.1.30:80, Tuesday, December 06, 2022 22:49:54

I should point out that prior to this, I had entered only my public IP into the Chrome browser on my smartphone (no "http") and it timed out. Chrome is so helpful.  When the user does not specifically enter the "http", Chrome assumes that "https" is intended and uses that.  I had not forwarded port 443 through the Orbi, so that connection attempt timed out.

@jc1742