Setting RBR50 as DMZ with Xfinity

All Orbi routers have built in firewalls. 

Modem/Router Combos:

This would be a double NAT condition which isn't recommended. https://kb.netgear.com/30186/What-is-Double-NAT
https://kb.netgear.com/30187/How-to-fix-issues-with-Double-NAT
Couple of options,
1. Configure the modem for transparent bridge or modem only mode. Then use the Orbi router in router mode. You'll need to contact the ISP for help and information in regards to the modem being bridged correctly.
2. If you can't bridge the modem, disable ALL wifi radios on the modem, configure the modems DMZ/ExposedHost or IP Pass-Through for the IP address the Orbi router gets from the modem. Then you can use the Orbi router in Router mode.
3. Or disable all wifi radios on the modem and connect the Orbi router to the modem, configure AP mode on the Orbi router. https://kb.netgear.com/31218/How-do-I-configure-my-Orbi-router-to-act-as-an-access-point and https://www.youtube.com/watch?v=H7LOcJ8GdDo&app=desktop

Option #2 can be used if you want to use the Orbi in router mode. 

---

@PaulMaxx wrote:

Hi All,

 

I wanted to give my network a try with using the RBR50 as my network router. To accomplish this I have connected my Xfinity router to the WAN port of the RBR50 and have set the RBR50 as a DMZ host in my Xfinity router. So the Xfintiy router is assigning an IP addres to the RBR50 which is what was used as the DMZ Host. This is not the same IP address as the subnet assigned to the RBR50 to manage the LAN.

 

Everything is running quite smoothly but I am not sure how protected my network is. In my Xfinity router I have the firewall set to Minimum Security which only lists IDENT (port 113) as being blocked. My limited understanding of setting the RBR50 as a DMZ host is that the RBR50 is not protected by this Xfinity firewall setting. I have read some information that contradicts this and states that the Xfintiy router firewall still applies but those articles were admittedly a bit over my head.

 

I would think that the RBR50 has a firewall of its own to remedy my concern but I do not see anything in the web gui showing that or what it amy be currently blocking.

 

Does this mean that there is currently zero protection on my LAN and if I want any security, for example to block port 113 like the Xfinity router is set to, that I would have to create that manually in the RBR50 interface? If so how do i know what other ports I should be blocking that the Xfinity router may be protecting me from?

 

I am using DMZ because I saw it recommended multiple times in posts here. I do have the option of putting hte Xfintiy router in Bridge mode but would assume that would defintiely disable the Xfinity firewall and i would have the same questions. I also figured using hte DMZ set up would have the Xfinity router continue to manage the MoCA network and I would not have to worry about any issues with my DVR setup.

 

Thanks in advance for any help that can be offered on this question. Let me know if there is any additonal ifno I can provide on this topic.

---

Hi @FURRYe38 ,

Thank you for your reply. Option 2 is what I am currently using and I believe I saw the exact same options in a previous post of yours that gave me the idea.

This still however leaves the questions regarding the firewall functionlity of the Orbi unanswered as well as what role the router firewalll may or may not be playing.

How can I see that the Orbi firewall is active and what it is currently set to protect?

The firewall is automatic and always running on Orbi systems when in router mode. AP mode it gets disabled. 

You can look at the router logs and be sure you have "Known DoS attacks and Port Scans" enabled. If you see and DoS entries in the log which most do, you'll know its working. It always is. 

Just circling back to this topic.

I did check my logs from when I had the Orbi enabled as the router and desginated as a DMZ on the Xfintiy router and in fact saw DoS entires. Per your previous post this confims the firewall is working. I really wish this firewall and it's settings were visible to the end user for peace of mind.

Unfortunately while I had internet conenctivity on all my devices connected ot the main Orbu router I could not get any connectivity from the devices conencted ot my satellite. I was not even getting an IP address. I discovered this on my Xbox One and a smart home hub I have connected. The satellite was connected to the main router as it did not have any LED illuminated and conenction status was confirmed as god in the Router web gui. Due to this fact I had to put the Orbi back in to AP mode and remove it as a DMZ on the Xfintiy router.

I will make another attempt this weekend by putting the Xfinity router into Bridge mode as soon as I figure out how to put it back in to router mode if it deos not work out. I will update with the results.

Ok keep us posted. I would be best if the ISP modem was bridged fully if possible.

The one DMZ configuration, the RBS should have connected to the RBR and go a IP address from the RBR if it wirelessly connected correctly to the RBR.

Anyways, keep us posted.