×

Introducing the Orbi 970 Series Mesh System with WiFi 7(BE) technology. For more information visit the NETGEAR Press Room.

Orbi WiFi 7 RBE973
Reply

Internet access from one device intermittently blocked.

keithjnewman
Guide

Internet access from one device intermittently blocked.

I have an Orbi RBR50 with two RBS50 satelite devices all at firmware version V2.7.3.22.

My webserver (Ubuntu Linux) has a wired connection to the RBR50 and the Orbi has a port forwarding rule to pass inbound https traffic to the server.

This all worked fine until fairly recently when I started to notice that my server was randomly not accessible from the the outside world but would come back an hour or so later. Investigation revealed that when this happens the server is blocked from internet access but is available over the internal network. I'm suspicious that this started happening after the last firmware update as it seemed to coincide with Orbi's Armor starting to periodically report external network attacks on my server which I believe to be a new feature. The attack details are limited it just says it has blocked an exploit attack on the server and provides the IP address of the source. I did wonder if the two events are linked, that perhaps the Orbi is denying the server access to and from the internet as a crude form of defence. Having monitored it for a while I've concluded that this seems unlikely as the two events are not coinciding, for example the last reported attack was 4:56am and my server was inaccessible at around 9:30am and back by 11:00am.

 

Has anyone else observed this kind of behaviour and resolved it? If you have any advice would be gratefully received.

Message 1 of 9

Accepted Solutions
keithjnewman
Guide

Re: Internet access from one device intermittently blocked.

Update for anyone with a similar problem who stumbles on this item. I noticed Internet access for my Web server was blocked again, so I disabled Armor and bingo access was restored. I then immediately re-enabled Armor and the the Web server still had access. Given the problem comes and goes at this point I cannot be sure if disabling Armor fixed it or not. That was about a week ago and (with Armor still enabled) I have not seen the problem since. To add perspective I was seeing the problem daily. So it does appear that switching Armor off and on has sorted the issue albeit I cannot be sure it was not a coincidence.
Interesting to note though I'd hitherto been seeing an occasional error message when using the Orbi App saying a random and somewhat unhelpful 'an error has occurred' this has also stopped happening. Coincidence, your guess is as good as mine but I'm thinking probably not.

View solution in original post

Message 8 of 9

All Replies
FURRYe38
Guru

Re: Internet access from one device intermittently blocked.

Has a factory reset and setup from scratch been performed since last FW update? 

This time, don't enable Armor or Circle.

Message 2 of 9
keithjnewman
Guide

Re: Internet access from one device intermittently blocked.

I don't have Circle enabled to begin with.
I have not done a factory reset as yet. Before I do that I would like to understand why you are suggesting not reenabling Armor? Given that my Web server is exposed to the Internet disabling router level security is not something I'm comfortable with.
Message 3 of 9
FURRYe38
Guru

Re: Internet access from one device intermittently blocked.

Armor has presented some problems historcally. This would be a troubleshooting step only to see if the problem resolves with it fully disabled after a reset. 


Your safe running with out it as there is a firewall running on the RBR. 

Message 4 of 9
CrimpOn
Guru

Re: Internet access from one device intermittently blocked.

@keithjnewman wrote:
Given that my Web server is exposed to the Internet disabling router level security is not something I'm comfortable with.

 

Port 443 on the Ubuntu server is indeed exposed to the Internet, but:

  • No other ports are exposed to the internet through the Orbi.
  • Unbuntu has a robust firewall that can be set to reject connection attempts from both the local network and the internet (with exceptions for whatever local machines used to administer the Ubuntu server).
  • One hopes this web server is configured to survive typical "attacks on web servers"

I agree with @FURRYe38 that turning off Armor temporarily is a useful step toward diagnosing what is causing the server to go off-line.  If the server continues to go off-line and then return when Armor is not running, then Armor would appear not to be causing it.  If the problem disappears when Armor is disabled, then it might be time to post a big WTF??? message in the Armor forum.

Message 5 of 9
keithjnewman
Guide

Re: Internet access from one device intermittently blocked.

I understand where you are coming from now, I will give it a go to point the finger to Armor or not. I actually like having Armor there as part of my multi layered approach to security.
Message 6 of 9
CrimpOn
Guru

Re: Internet access from one device intermittently blocked.


@keithjnewman wrote:

it seemed to coincide with Orbi's Armor starting to periodically report external network attacks on my server which I believe to be a new feature. The attack details are limited it just says it has blocked an exploit attack on the server and provides the IP address of the source. I did wonder if the two events are linked, that perhaps the Orbi is denying the server access to and from the internet as a crude form of defence.


Those messages about exploit attacks specifically mentioned the internal IP of the web server?

 

My brief adventure in Port Forwarding demonstrated that very shortly after a port is forwarded through the Orbi, it is discovered and people (or Bots?) begin to hammer on it.  I turned on Remote Management (the web version, not the apps Anywhere Access). My Orbi password is so long and complicated that I am confident no one will ever crack it, but I became annoyed that the Orbi log filled up so quickly with rejected logon attempts and turned it off. (I could have quit logging web admin access, but I decided to use OpenVPN for that purpose instead.)

 

 

Message 7 of 9
keithjnewman
Guide

Re: Internet access from one device intermittently blocked.

Update for anyone with a similar problem who stumbles on this item. I noticed Internet access for my Web server was blocked again, so I disabled Armor and bingo access was restored. I then immediately re-enabled Armor and the the Web server still had access. Given the problem comes and goes at this point I cannot be sure if disabling Armor fixed it or not. That was about a week ago and (with Armor still enabled) I have not seen the problem since. To add perspective I was seeing the problem daily. So it does appear that switching Armor off and on has sorted the issue albeit I cannot be sure it was not a coincidence.
Interesting to note though I'd hitherto been seeing an occasional error message when using the Orbi App saying a random and somewhat unhelpful 'an error has occurred' this has also stopped happening. Coincidence, your guess is as good as mine but I'm thinking probably not.
Message 8 of 9
keithjnewman
Guide

Re: Internet access from one device intermittently blocked.

No attacks are on the external ip address of my Internet connection. Orbi relates it to the Web server, presumably because it is the only device that any port is forwarded to.
Message 9 of 9
Top Contributors
Discussion stats
  • 8 replies
  • 1659 views
  • 0 kudos
  • 3 in conversation
Announcements

Orbi WiFi 7