NTP issues when Orbi (RBR50) is in Router mode

Would be a ISP modem issue. Nothing on the Orbi that you can change to fix this. 

Something to ask your ISP about. Also your Modem may need to be updated. I believe the PACE is superseded by the Arris BGW-210 if your ISP supports it. 

Something you can review and try:

https://community.netgear.com/t5/Orbi-AX/Orbi-AX-6000-and-AT-amp-T-fiber-gateway-issue/m-p/1890125/h...

Orbi NTP works fine for me. Though I'm on cable and have a cable modem. 

I don't agree that this is a modem issue.  By putting the RBR50 in DMZPlus mode on the gateway, I am essentially bypassing the gateway/modem.  The RBR50 has a pulic IP address so it's traffic is going out directly.  Besides, if it was a modem issue, why does NTP work when I take the RBR50 out of the picture, leaving only the modem?  The issue is AT&T blocking UDP 123, and *maybe* the RBR50 not masquerading traffic on that port to something else (which presumably the AT&T modems do).  This would not be a big deal if the changes I make to iptables on the RBR50 would stick.

Maybe however DMZPlus has been known NOT to be actual DMZ or giving full public address abilities thus still causing problems.

NTP works on the MODEM since it's the main host router and you connect there. Having the RBR50 behind the modem in router mode also causes a double NAT issue however the DMZ should help with this, however it maybe still causing problems. 

NTP works on the RBR. If it didn't then there would be much more users posting about it. I know I would. 

What your seeing is mostly the ISP modems mishandling of passing requested traffic thru the DMZ in the double NAT condition. If the modem supporting full bridge mode, then this problem would be solved however ATT modems don't support that option. 

---

@Kandyman wrote:

I have AT&T Uverse with a AT&T Pace 5268AC gateway.  My RBR50 is setup in router mode. It is in the DMZ of the gateway (DMZPlus mode so all traffic is directed to it) and has a public IP address.  Essentially, everything works well except NTP.

WIth this setup, none of my devices can sync time from any internet time server.  Not even the RBR50 itself. 

If I bypass the RBR50 and plug a device directly into the AT&T gateway and it gets a NAT IP addreess from the gateway, it is able to sync time from any time server that I specify (e.g. pool.ntp.org, time.windows.com, etc.).  Similarly, if I change the RBR50 to AP mode rather than router mode, so that NAT'ing is done by the AT&T gateway, NTP works.

---

Could you comment on the reason to put the Orbi in the gateway DMZ rather than put the gateway into Bridge Mode?

(I did not watch all the way to the end, but the guy in this video seems pretty confident)

https://www.youtube.com/watch?v=3Q0Q2alkzcY 

When the Orbi is put into AP mode, it is NOT in the DMZ, correct?

And, yes, I believe you are correct that Orbi periodically rewrites the iptables.  There is third party firmware for the RBR50 that I believe does not, and also has a method to automatically create iptables when the router is rebooted.

http://www.voxel-firmware.com/Downloads/Voxel/html/orbi.html 

Thats not "bridge mode", just the use of DMZ as a WAN traffic pass through thats supposedly unfiltered. ATT Modems don't don't support actual bridge mode. 

---

@FURRYe38 wrote:

Thats not "bridge mode", just the use of DMZ as a WAN traffic pass through thats supposedly unfiltered. ATT Modems don't don't support actual bridge mode. 

---

This time, I did watch the video all the way to the end.  Yes, indeed.  He has confused "bridge mode" with DMZ.

What I wonder, however, is why this person appears to think that any router will function in this setup.

Surely he would have noticed if NTP totally failed on his router or any device connected to his router?  If no device can get NTP to work, then this is totally unusable.

NTP is the subject of this thread, not "bridge mode vs. DMZ".  Did he do something (like when he disabled checking for "router behind router" that makes NTP work?

I think NTP problems are not easily noticed because most devices generally do not have a significant time drift, and when there is one, most people just manually correct the time on the device.  I just happned to notice this because I was doing some automation which wipes and reloads the OS and does other things including authenticating to cloud services.  It was because I could not get a valid authetication token for the cloud services that I started to dig into it and found the NTP issue.  I thought of just manually correct the time like most people will do but then the curious part of me started to ask why time sync wasn't working.  Then I looked at a number of other computers & devices and noticed that they hadn't synced time in months - and last synced around when I switched my RBR from AP to router mode. 

So it looks like the only way for me to get this working is to go change back to AP mode huh?  This stinks.  Good fiber speeds from AT&T but you pay for that with inflexibility in their gateways.

---

@Kandyman wrote:

So it looks like the only way for me to get this working is to go change back to AP mode huh?  This stinks.  Good fiber speeds from AT&T but you pay for that with inflexibility in their gateways.

 

---

I don't have AT&T and cannot experiment with the exact steps recommended in that video, so I have no way to verify his claim. I would think that all of my devices would complain if they could not get a time sync when they boot up.

I am still confused about why the Orbi needs to be in AP mode when in the DMZ. That seems contrary to the advice I have seen for years about the three ways to solve the "Double NAT" issue: (1) ISP in bridge mode, (2) Orbi in AP mode, (3) Orbi in DMZ (in router mode).

It's still not actual bridge mode. The NAT or router is still running on the modem. I watched the video as well. 

Possible that the metion of the "router behind router" has something to do, though the video didn't point to checking NTP after they were done making changes on the modem. 

Been other posts regarding the the PACE branded modem is out of date and should be replaced or updated and changed out. With the metion of the "router behind router" not working well by the video, seems like this ellates to other problems with this brand of modem . 

Otherwise, the modem is interferring with the data for NTP on this thread and Orbi is having problems with it. Something that needs to be resolved on the modem side and only one having this problem currently. 

And yes, short term solution is to run the Orbi in AP mode until the modem problem can be resolved. 

Might try this and see:
https://community.netgear.com/t5/Orbi/Netgear-Orbi-and-ATT-Pace-5268-Router/m-p/1786833/highlight/tr...

---

@CrimpOn wrote:

---

@Kandyman wrote:

So it looks like the only way for me to get this working is to go change back to AP mode huh?  This stinks.  Good fiber speeds from AT&T but you pay for that with inflexibility in their gateways.

 

---

I don't have AT&T and cannot experiment with the exact steps recommended in that video, so I have no way to verify his claim. I would think that all of my devices would complain if they could not get a time sync when they boot up.

 

I am still confused about why the Orbi needs to be in AP mode when in the DMZ. That seems contrary to the advice I have seen for years about the three ways to solve the "Double NAT" issue: (1) ISP in bridge mode, (2) Orbi in AP mode, (3) Orbi in DMZ (in router mode).

---

Orbi will not be in the DMZ when I put it AP mode.  That would be bad.  I will take it out of the DMZ and have it just be be an AP for wireless clients, behind the  gateway.  NTP works fine in that configuration where the only NAT is the gateway.

Glad you found a working modem. I would try to replace the PACE one at some point. 

Enjoy.