bl00dl1ne's profile

Contributor

 • 

2 Messages

Sunday, March 3rd, 2013 12:06 AM

XBox Live problem - 2wire NAT is not open

I just got Uverse yesterday. I discovered that my NAT is moderate, which prevents me from joining my friends in games. I tried forwarding all the ports that microsoft reccomends... hasn't worked. Any input?

Accepted Solution

Official Solution

Expert

 • 

9.4K Messages

11 years ago

OK, I don't have an XBox 360, so I can't test this, but I did a lot of research tonight on this issue because this has been an ongoing question/problem that has been posted several times on the forum.  Here are a few facts and my recommendation:

 

  • The reason that the XBox 360 is very particular about the NAT on the user's router is due to the way the XBox 360 connects to other users to play a game.  While the XBox Live servers are used to register and coordinate game play, the actual internet communication between XBox 360 consoles is peer-to-peer for several of the communication streams.
  • Even though a lot of XBox 360 communication is initiated from inside the firewall (i.e. the connection is outbound, and therefore the port opens automatically), this is sometimes not enough for proper game play, because multiple other XBox 360's have to send packets back to yours on that open port.  Many routers will not allow a packet from just anyone on the Internet to come back in on that open port.  Many routers will specifically only allow packets coming back in from the same source port as the initial outbound packet was directed to (if your router restricts inbound packets like this, then the NAT type is labeled "moderate").  Some routers go further and will only allow packets coming back in from the same source port AND the same source IP address as the initial outbound packet was directed to (if your router restricts inbound packets like this, then the NAT type is labeled "strict").  If your router is not restricting inbound packets by source port or IP address, then the NAT type is labeled "open".
  • The XBox 360 is smart enough to compensate for moderate and strict NAT types if the majority of the other people who have joined the game are open NAT types.  Where problems occur is when multiple people in the game have moderate or strict NAT, then the gameplay won't work properly.  Thus, the preferred setup is to have an open NAT type, because this makes it such that your XBox 360 can join and stay connected to any game on the Internet, regardless of other people's NAT types.
  • For routers that support Universal Plug and Play (UPnP), the XBox 360 can direct the router to open ports such that the NAT type will be open.  However, as has been mentioned before:
    • UPnP is a security nightmare, because there is no authentication, authorization, or logging for UPnP requests to the router.
    • The 2Wire routers that AT&T uses do not support UPnP anyway.
  • Microsoft has some documentation in several places for how to open ports on your router if your router does not support UPnP.  Unfortunately, these directions are incorrect, and open far more ports than are necessary for proper operation.

 

Here is the proper method to open ports on the 2Wire routers for the XBox 360.  This should give you an open NAT.

 

  1. Open a web browser, browse to the URL of your U-Verse® Residential Gateway (usually http://192.168.1.254).
  2. Click the Settings tab at the top.
  3. Click the Firewall label in the second row of tabs.
  4. Click the Applications, Pinholes, and DMZ label in the third row of tabs.
  5. Click on your XBox 360 under section (1).  You will probably have to identify it by its IP address.
  6. Click the Allow Individual Applications button under section (2).
  7. Click Add a New User-Defined Application.
  8. Type "XBox 360 Live" in the Application Profile Name field.
  9. Select TCP for the protocol.
  10. Type 3074 in the Port From and Port To fields.
  11. Leave the Protocol Timeout field blank.
  12. Leave the Map to Host Port field blank.
  13. Do not select anything in the Application Type pull-down.
  14. Click the Add to List button.
  15. Select UDP for the protocol.
  16. Type 3074 in the Port From and Port To fields.
  17. Leave the Protocol Timeout field blank.
  18. Leave the Map to Host Port field blank.
  19. Do not select anything in the Application Type pull-down.
  20. Click the Add to List button.
  21. Select UDP for the protocol.
  22. Type 88 in the Port From and Port To fields.
  23. Leave the Protocol Timeout field blank.
  24. Leave the Map to Host Port field blank.
  25. Do not select anything in the Application Type pull-down.
  26. Click the Add to List button.
  27. Click the Back button.
  28. Reselect your XBox 360 under section (1).  You will probably have to identify it by its IP address.
  29. Click the Allow Individual Applications button under section (2).
  30. Click "XBox 360 Live" in the Application list.
  31. Click the Add button.  XBox 360 Live will now be listed in the Hosted Applications list.
  32. Click the Save button at the bottom.

 

Now reboot your XBox 360, you should have an open NAT type.

 

This procedure opens only the necessary ports on your router (3074 TCP/UDP, and 88 UDP), and directs them to the XBox 360 only, not to the whole network.  Thus, the security implications are minimal.

 

Hopefully, this procedure should work for you.  Please post your results so that we know if this is solved or not.

 

Here are two of the references where this information is further discussed:

 

http://forums.xbox.com/xbox_forums/b/engineering_blog/archive/2011/06/21/nats_2d00_and_2d00_xbox_2d00_live.aspx

 

http://compnetworking.about.com/b/2008/11/15/tcp-and-udp-port-numbers-for-xbox-live.htm

 

 

Accepted Solution

Official Solution

ACE - Expert

 • 

34.7K Messages

11 years ago


@tinalms2001 wrote:
You might want to also explain this to the AT&T tech support folks. As they are telling me that it does not matter that I assign a port to be open on a specific IP address that it will be open for everything. Well not with their gateway. It would be great if I could do that then both xboxes would work. However I cannot assign the same open ports to 2 different IP addresses with their 2wire gateway. It does not support what they sell as in the u-verse xbox set to run your u-verse through the xbox and then actually use the xbox for online gaming. Xbox will work great with u-verse if you are a hermit one person household. Now in the real world where many homes have more than one person and more than one xbox or gaming computer or playstation whatever it may be. you cannot play online with 2 at the same time. One is fine but 2 not gonna happen. As the 2nd one will have a strict NAT that will not allow you to join game sessions. So until AT&T can figure this out and their tech support can actually be useful I would not recommend u-verse to anyone. Maybe they should go and take pointers from Comcast, Wow, and even time warner they all know how to make it work without an issue!!!!

You cannot port forward the same port from one public IP address through a NAT gateway to two different private addresses.  It cannot be done, regardless of the vendor of the router.  To accomplish what you want the RG has to have two different public addresses to route the same port to two devices inside the home.  Once you have that, there is no port forwarding configuration needed, just opening the ports in the RG FW.

 

Accepted Solution

Official Solution

Expert

 • 

9.4K Messages

11 years ago


@tinalms2001 wrote:
However I cannot assign the same open ports to 2 different IP addresses with their 2wire gateway.

 

You cannot assign the same open port to 2 different internal devices behind any router that does NAT. This is not a limitation of the 2Wire, it is a limitation of Network Address Translation.

 

No router, either provided for you from the ISP nor a 3rd-party one you purchase, whether it's a $19.99 Buffalo Tech super special or a $5000.00 Cisco 2951 can get past this limitation.

 

Now, there are two ways to make 2 XBoxes have an open NAT:

 

1. Two public IP addresses.  For each public IP address, you forward the proper ports to each XBox.

 

2. You can use a UPnP-capable router, and both XBoxes will properly open their own ports without any port forwarding.  (The 2nd XBox figures out that the 1st one is using the normal ports, and the 2nd XBox automatically configures itself to use a set of alternate ports).

 

The U-Verse 2Wire router (and many other routers provided by other ISPs) does not have the UPnP feature, so solution #2 will not work with the 2Wire.

 

However, if you want to purchase your own 3rd-party router that has UPnP, you can install it behind the 2Wire in the DMZ (http://forums.att.com/t5/Residential-Gateway/U-verse-for-BUSINESS-2Wire-3600HGV-bridge-mode-or-another-AT-amp/m-p/2707755#M182), and then both XBoxes will work.

 

 

 

New Member

 • 

25.7K Messages

11 years ago

We never had any issues with the 2wire gateway and my son's Xbox 360 or PS3. First remove all the ports that Microsoft recommended to be forwarded, they are not needed.

And yes NAT will be moderate, because the 2-Wire does not use UPnP, which is a huge security risk, with holes that have not been fixed in years.

Just shut everything down, then reboot the gateway, let it sync. Then boot any computers, let them sync with the gateway. When you turn on the Xbox, do a network setup, and let it go through the setup and that should be it.

Keep in mind also with recent changes Microsoft made to their Xbox Live system, they have implemented certain restrictions, that you have to pay for a Gold membership to utilize.

Scholar

 • 

101 Messages

11 years ago

Greg is right that the 2Wire does not support UPnP and that is why it doesn't work with xbox live right out of the box.

However, you can say a lot of things have security risks like many of the Adobe plugins Flash and Reader. Doesn't mean everyone is going to stop using them. Sometimes it is a necessary evil in some situations.

So unlike what Greg said do not remove all the ports that are forwarded. You will need to them get it so you have a NAT Open status with xbox live. I ran into this same issue with my Airport Extreme since it doesn't support UPnP but a variant NAT-PMP.

However do need to ensure that you have all the right ports forwarded.
This MS page lists all the ports that you need to forward for UDP and TCP.
http://support.xbox.com/en-US/xbox-live/connecting/network-ports-used-xbox-live

Also make sure that you have these forwarding to the correct IP for the xbox. You may want to setup your xbox with a static ip to ensure it doesn't happen to change later.

Give that a shot first and see how it works out for you.

New Member

 • 

25.7K Messages

11 years ago

nephlpower, you do not need to open any ports on the 2-wire or NVG510 for the game systems to work. The firewall will open those ports as it sees need to. Otherwise they stay stealth closed, and even opened, they still remain in stealth mode.

Placing them open all of the time, leaves you for huge security breaches in your network.

Scholar

 • 

101 Messages

11 years ago

No greg you are wrong. That is why the OP posted. SOME of the functionality of xbox may work but situations like he posted about not being able to join a game a friend is hosting is a problem you run into when your NAT status on Xbox Live is Moderate.

I have personally run into the same situation above and Microsoft also specifically warns that you will loose functionality if your NAT status is not Open. Just because your Son hasn't run into the problems with having a moderate NAT status and hasn't bugged you about it doesn't mean the problem doesn't exist.

New Member

 • 

25.7K Messages

11 years ago

Sorry, but if you follow Microsoft's instructions, it will leave you open for open ports on your firewall. I have hooked up hundreds of systems, and never had a issue with leaving it as is, and they work.

All you have to do is disregard the whole NAT "Moderate" issue, and you will be fine. The games will work just fine with leaving them as is.

Mentor

 • 

44 Messages

11 years ago


@gregzoll_1 wrote:
Sorry, but if you follow Microsoft's instructions, it will leave you open for open ports on your firewall. I have hooked up hundreds of systems, and never had a issue with leaving it as is, and they work.

All you have to do is disregard the whole NAT "Moderate" issue, and you will be fine. The games will work just fine with leaving them as is.

If Microsoft believed opening ports for the Xbox were a security issue, they wouldn't tell you to do it. Here's a post from a guy on the Xbox forums that explains why you should open up just the ports Microsoft identifies (and forward to the Xbox only), and why it's not a security risk. He also explains why you may sometimes be able to play with others on Xbox Live even if your NAT is set to strict or moderate.

 

http://forums.xbox.com/xbox_forums/xbox_support/f/9/t/157383.aspx

New Member

 • 

25.7K Messages

11 years ago

That info is dated, and is no longer valid, since the changes that have been made in the firmware for the xbox-360 platform, and the firmware for routers have been updated, due to changes that have happened since 2011.
Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.