D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: danfeeley on December 27, 2009, 07:09:18 PM
-
Greetings,
I have a DFL-210, just upgraded to the latest firmware 2.26.00.
I've had this firewall for many years. I've also had an xbox 360 for about two years and have always had this problem. The xbox complains that the NAT is "strict". My interpretation of this meaning it does not have a static NAT setting, but I do.
The xbox has a fixed IP.
I have had these two(2) rules setup for inbound access to the xbox for the two years its been connected and it doesnt help.
- Rule 1 is a SAT related rule for all TCP/UDP/services to the xbox, with the option All-to-One Mapping enabled.
Rule 2 is an allow inbound rule for all TCP/UDP/services to the xbox.
To test, if I set my laptop to have the IP address that is normally used by the xbox, turn off my personal firewall and run a firewall scanner from an external web service (ie: ShieldsUp, symantec ,etc) it shows all the usual ports you would expect a windows PC to have open (ie: 135-139, 445, 3389, etc). So this validates that the inbound rules are working.
Only 1 port is not forwarded to the xbox. Its 443, and its for external firewall management.
Microsoft support says you only need UDP 80, and TCP/UDP 53,3074. I am sure other ports or used, but my above test should make this meaningless, unless its going to use 443 (which I doubt since most online games use high UDP ports).
Any suggestions? Is there some obscure "Advance Settings" option that need to be changed to give compatibility that the xbox is needing?
-
Is your functionality impaired?
The DFL does not support UPnP, so forwarding all ports like you have done is necessary, but I suspect that Microsoft may declare NAT strict if it does not get a UPnP response.
I have a public IP at home which gets forwarded to my xbox, just like you have set up, I don't know what Microsoft thinks of my NAT type, but everything works for me.
-
I am only partially impaired.
From what I read Microsoft declares 3 types of NAT classifications - strict, moderate, open.
I think open is when your router does UPNP. Moderate is when you manually forward the appropriate ports.
I thought I would be "moderate" because I am doing all of the port-forwarding (except for 443 which is not used by the xbox). But unfortunately my NAT its declared "strict". You can get your NAT rating when you run a test from the xbox to microsoft Live. It will let you know your NAT rating as part of the test results.
When you have a strict NAT some online games are impaired. As an example I can only participate in online games where other players in the party are also "strict". It really depends on the game as some games use the individual xbox of the players to host the server, where some game companies provide online servers hosting the game.
So as you can imagine if you play a game where you host the game, and your are strict, you have a problem.
What I don't get is why I am not considered "moderate".
So I really think there is some other obscure setting that is causing the xbox to think is strict, beyond the lack of UPNP support.
Any other suggestions?
-
I would take a look at your logs make sure you are not seeing some traffic drops or something. I will check the NAT type on my XBOX tonight if I get a chance.
-
Greetings,
Were you able to check your NAT type?
-
I'm sorry, I flat forgot to check that. I will check it first chance I get, Thanks for the reminder.