I have connected it to my Netgear Orbi Mesh 750 system.
The Local Network is on 10.0.0.2 - 10.0.0.100.
The ZTE modem / Orbi Mesh system is in 192.168.1.XX IP address system
The Rock is on an Intel NUC11PAHi330ZO. The rock address is 10.0.0.21 connected by ethernet to the Orbi mesh
The Internet service provider in India is Airtel
I have got static IP enabled to enable opening of the ports
I am unable to configure port forwarding on the ZTE modem. However the Orbi Router has opened the relevant port and the issue is with the ZTE modem connected to the Internet.
If I enable DMZ setting on the ZTE router, Roon ARC is working well.
Can you please advise how the router is to be configured so as not to use DMZ
You have two routers both of which are performing NAT. However, because you state that it all works when you use the DMZ option on the ZTE router (presumably putting the Orbi router into the DMZ), we can be sure that your ISP is not using CG-NAT which is good.
You are using uPnP to configure a port forwarding rule on the Orbi Router but this is unable to automatically configure the required port forwarding on the ZTE router.
Instead you will need to configure port forwarding on the ZTE router manually - and forward the ARC port (55002) to the WAN side address of the Orbi Router (which will be a 192.168.1.x address). You may also find that the Roon ARC connectivity test continues to report an issue because your ISP supplied ip address (the one represented by 122.hhh.iii.jjj in the diagnostic text) does not match the WAN side address of the Orbi Router to which the Roon Server is connected.
Alternatively, as a preferred solution, you could just configure the Orbi router in ‘Access Point’ mode so that it does not perform Network Address Translation (NAT). See:
Then you will have elliminated the MultipleNatFound issue and the only port forwarding required will be on the ZTE router (which can be done either manually or automatically by using uPnP).
Note: If you change the Orbi router to Access Point mode, you will need to force all connected devices to get a new ip address from the ZTE router (in the 192.168.1.x subnet). This may require you to power cycle some devices.
Finally, whilst using a DMZ to solve ARC port forwarding is frowned upon because of the severe security issues associated with putting a non-firewall device in a DMZ, in your case, putting the Orbi Router, and only the Orbi Router, in the DMZ on the ZTE is not such a security risk because the Orbi Router itself isolates the rest of your network from any attacks and provides the security that a DMZ normally circumvents. However, you should only consider this option if you have no other devices connected to the ZTE router and the ZTE router’s WiFi is disabled because the use of the DMZ would mean that a DOS attack could still interfere with the operation of other devices connected to the ZTE router. This would effectively mean that all security aspects were handed off to the Orbi router to handle - but the Orbi router security should not be any worse than that of the ZTE router.
@Wade_Oram
Wow
Thanks a million for your effort in explaining in detail the nuances. I can’t thank you enough. I put my Orbi on AP mode, switched off DMZ on the ZTE and the system was immediately able to connect.
The ISP guys have no clue and apparently they always suggest DMZ for any one wanting to open any port. I was uncomfortable with this arrangement.
But the second part of you explanation was reassuring. I have nothing connected to my ZTE - just use the superior WiFi and mesh system provided by the Orbi 750 and all devices - wired and WiFi are on the Orbi network.
The ZTE interface is quite poor compared to the Orbi and much of the details of the various devices connected to the network are not available on the ZTE interface page. The Orbi interface page also now that it is in AP mode is quite minimalistic. I subscribe to Bitdefender on the Orbi Router. Will placing the Orbi back in DMZ zone of the ZTE and all devices behind the Orbi give me the necessary protection for my home WiFi network?
As it stands, with the Orbi in access point mode, your network security is looked after by the ZTE router and the Orbi router does not contribute to security.
If you go back to using the Orbi in Router mode and configure the ZTE router to place the Orbi router in a DMZ, then the ZTE router will not contribute to your network security and you will be 100% reliant on the security that the Orbi provides.
It is up to you as to which your trust more - the ZTE security with the Orbi in Access point mode or the Orbi security with the Orbi in Router mode and in the DMZ of the ZTE router.
Important: Do not use a DMZ on the ZTE router when the Orbi router is configured in Access Point Mode.
The other solution mentioned - a manual port forwarding rule on the ZTE router to forward port 55002 to the Orbi router combined with a port forwarding rule on the Orbi router to forward port 55002 to the Roon Server (possibly also configured manually because of the issue with the Roon ARC connectivity test that I mentioned earlier) should also work and will provide protection from your network from both devices.
I trust the Orbi security settings more than the ZTE. I have sent the system back to Orbi in the DMZ and all wired / Wifi connections through the Orbi. I would like to avoid the DMZ if possible.
As a last favour could you please help me if possible to configure my ZTE to forward the port 55002 to the Orbi Router rather than putting it in DMZ.
The Orbi Router is on 192.168.1.2
The orbit router has automatically configured the forwarding of port 55002 as per below screen shot
You only need to forward port 55002 for TCP traffic. UDP is not used by Roon ARC. So, in the port forwarding setting of the ZTE router you need to create a Rule to forward TCP connections on port 55002 to the WAN side ip address of your Orbi router (which will be 192.168.1.2).
Thus, on the ZTE settings page above I believe you need to enter:
Name: Anything you like - for example “RoonARC”
Protocol: TCP
WAN connection: I don’t know - but ‘auto’ would be a good start
WAN Host IP Address: leave as it is
LAN Host: 192.168.1.2 (The ip address of the Orbi router as seen by the ZTE router - not the ip address that you use to get to the web ui of the Orbi router.
WAN Port: 55002 - 55002
LAN Host Port: Leave blank or set to 55002 - 55002
And then click ‘Apply’.
Please note: I am not familiar with this router so the above is only a guess based on what works with other routers.
Also, as I mentioned earlier, doing this may mean that you still get a failed ARC connection test in Roon Settings because of the Orbi router WAN side ip address mismatch. If this is the case, you will have to turn off uPnP in the Orbi and create a manual port forwarding rule to forward TCP connections on port 55002 to 10.0.0.8
