I recently renewed my FIOS contract and the installer gave me the option to replace the G1100 with a Arris NVG468MQ. I declined and kept the G1100 because I might regret it without being able to test and compare in detail, and go back to the G1100 if desired.
For that reason, I now bought a Frontier branded new Arris NVG468MQ on ebay. The switch-over was pretty painless and I was able to do a side-by-side comparison.
Overall, the features are similar, the G1100 has an extra USB port (i.e. two, that probably nobody uses), but the Arris also has VOIP (that I don't use) and has an on/off switch. A power switch adds another mechanical point of failure and another dumb failure point ("hey frontier, everything is plugged it but it does not work" ... "did you notice the switch?" :D).
Power use: both use about 12W in normal use with both radios (2.4 and 5GHz) enabled. Tie! (the Arris phone connector (VOIP) is not used)
The UI is arranged similarly but there are differences. For example the port forwarding seems more functional on the G1100 because you can create more advanced ranges via "advanced...port forwarding rules". On the Arris you need to create multiple rules if there are multiple ports (e.g. my security system requires TCP/1025 and TCP/8000 forwarded to the same local IP. This requires two rules on the Arris, but only a single rule on the G1100.)
Logging is not that great on both. For example, the firewall log on the Arris is not configurable and only lists IPs, not even ports. I have not tried sending the logs to a syslog server to see if the are a little richer. All I want is to log incoming accepted connections to the forwarded ports but all I see is uninteresting noise with no useful information!
One major bummer is the fact that the Arris apparently does not implement a NAT loopback proxy. This means if I try to use my remote security app from the LAN side (i.e. connecting to the public IP via ddns) the connection fails.
On the G1100 this works perfectly! This is a major pain on the Arris and I hope that this will get fixed with a new firmware update.
I found a workaround! Lets' assume that the dynamic DNS name of my WAN IP is "abc.xyzddns.net". First, I changed the local domain on the router to xyzddns.net (advanced...connection settings...domain name) and named my security DVR "abc" (main...find device...click...rename to new name), it will translate to the local IP address (after resetting all cached values in the OS, etc. might take a long time to take effect)
Before adjusting as described:
Ping abc.xyzddns.net will successfully ping the WAN IP but a connection to a forwarded port will not go to the DVR when the client is on the LAN. Broken!
After making that adjustment:
Ping abc.xyzddns.net will successfully ping the LAN IP of the security DVR. Since the IP address is now local when I am coming from the LAN, things work. Fixed!
Note that if the client is coming from the WAN side, none of this matters.
While this is a workable solution (and significantly more efficient because the traffic does not involve the router! :)), it requires a lot of guessing and jumping through flaming hoops on the configuration screens. It also does not work if more than one device needs forwarded ports.
I hope that Arris will implement NAT loopback in upcoming firmware. This is a must for any modern router!
Does anyone know if the Arris has additional configuration pages that are not exposed in the web UI, but can be reached by special URLs?
Disclaimer: These are my personal findings and there is always a chance that I made a mistake or misinterpreted results. Feel free to test for yourself if the Arris implements NAT loopback or not. My observations indicate that it does not. An official word from Arris would be nice.
↧