NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Can Port Forwarding cause any problems?
Hey folks, I had a few questions about Port Forwarding and thought this was the perfect place to discuss them. A little bit of background: My ISP has provided me with a modem/router (D-Link ...
shaanshivananda wrote:
My ISP has provided me with a modem/router (D-Link DIR-825) that does not have Bridge Mode, and I've connected the Netgear Nighthawk XR500 to the modem/router via ethernet. In order to get rid of Double NAT, I have enabled DMZ on the modem/router
This doesn't actually get rid of double-NAT. You still have external IP address-> (DIR-825 NAT) -> DIR825 private address -> (XR500) -> XR500 private address. That is, you still have two devices that are doing back-to-back NAT translation.
What you have done is avoided the complexity of doubled port forwarding - since all unsolicited inbound internet traffic is being routed to the XR500.
shaanshivananda wrote:
Here is what the table looks like:
Service
External Ports
Internal Ports
Internal IP Address
XBOX (88 UDP)
88
88
xxx.xxx.x.x
XBOX (3074 TCP/UDP)
3074
3074
xxx.xxx.x.x
XBOX (53 TCP/UDP)
53
53
xxx.xxx.x.x
XBOX (80 TCP)
80
80
xxx.xxx.x.x
XBOX (500 UDP)
500
500
xxx.xxx.x.x
XBOX (3544 UDP)
3544
3544
xxx.xxx.x.x
XBOX (4500 UDP)
4500
4500
xxx.xxx.x.x
FWIW, it is safe to post private IP addresses, since they are not internet routable. Posting those addresses can make it easier for people to respond. Private address ranges are:
- 198.x.x.x
- 10.x.x.x
- 172.16.0.0 - 172.31.255.255
https://en.wikipedia.org/wiki/Private_network
shaanshivananda wrote:- Since my second router is running through DMZ set up on the first modem/router (D-Link dir-825), is it okay to port forward on the second router (XR500)?
Yes, and in some case you might need to do that in order to access internet services.
When you do forward ports, you should also reserve the IP address of the destination (e.g. the xbox or the PS4) in the XR500. That ensures that the forwarded traffic will always reach the device you intend.
shaanshivananda wrote:
2. Is there a massive benefit to portforwarding for the Xbox One and PS4?If the services are working well now, then there is no benefit to port forwarding (and you shouldn't do it).
Normally NAT requires a two-way connection to the internet service/device. The connection begins outbound (with the xbox or PS4 reaching out to the service). Once that happens, the NAT allows a reverse connection to run over the same path.
All port-forwarding does it enable an inbound connection to be made without the outbound one. The way it does that is to tell the router to send all traffic received on the port to the xbox (or ps4).
There is an alternative way that this can be set up in the router. Most routers support a service called uPNP. That allows the application on the xbox/ps4 to tell the router to set up the inbound connection. It has the same effect as port forwarding, except it is done automatically instead of manually. That also allows the port forwarding to be done dynamically instead of statically.
shaanshivananda wrote:
3. Will there be issues if I set up Port Forwarding?4. Is it a good idea to set up Port Forwarding for my consoles?
I think this is really the same question asked two different ways.
Port forwarding can expose your devices to hacking, since it allows any device on the internet to reach your consoles using those ports. So you should always be cautious about forwarding a port.
And you can only forward a port to a single device. In particular, if you forward port 80 to the xbox, then you wouldn't be able to forward that port to a web server on a different console.
In your case, your table appears to be the one Microsoft publishes for use of xbox live ( https://support.xbox.com/en-US/xbox-one/networking/network-ports-used-xbox-live ). Note their statement: To let your Xbox One console communicate with Xbox Live, you might have to open or forward ports...
If your console is already working with Xbox Live, then there's no reason for forward these ports. If it's not working, then you likely will have to forward at least some of them. You can see which ones by looking at the upnp connection list in the xr500. Anything missing there likely needs to be forwarded.
shaanshivananda wrote:
My ISP has provided me with a modem/router (D-Link DIR-825) that does not have Bridge Mode, and I've connected the Netgear Nighthawk XR500 to the modem/router via ethernet. In order to get rid of Double NAT, I have enabled DMZ on the modem/router
This doesn't actually get rid of double-NAT. You still have external IP address-> (DIR-825 NAT) -> DIR825 private address -> (XR500) -> XR500 private address. That is, you still have two devices that are doing back-to-back NAT translation.
What you have done is avoided the complexity of doubled port forwarding - since all unsolicited inbound internet traffic is being routed to the XR500.
shaanshivananda wrote:
Here is what the table looks like:
Service
External Ports
Internal Ports
Internal IP Address
XBOX (88 UDP)
88
88
xxx.xxx.x.x
XBOX (3074 TCP/UDP)
3074
3074
xxx.xxx.x.x
XBOX (53 TCP/UDP)
53
53
xxx.xxx.x.x
XBOX (80 TCP)
80
80
xxx.xxx.x.x
XBOX (500 UDP)
500
500
xxx.xxx.x.x
XBOX (3544 UDP)
3544
3544
xxx.xxx.x.x
XBOX (4500 UDP)
4500
4500
xxx.xxx.x.x
FWIW, it is safe to post private IP addresses, since they are not internet routable. Posting those addresses can make it easier for people to respond. Private address ranges are:
- 198.x.x.x
- 10.x.x.x
- 172.16.0.0 - 172.31.255.255
https://en.wikipedia.org/wiki/Private_network
shaanshivananda wrote:
- Since my second router is running through DMZ set up on the first modem/router (D-Link dir-825), is it okay to port forward on the second router (XR500)?
Yes, and in some case you might need to do that in order to access internet services.
When you do forward ports, you should also reserve the IP address of the destination (e.g. the xbox or the PS4) in the XR500. That ensures that the forwarded traffic will always reach the device you intend.
shaanshivananda wrote:2. Is there a massive benefit to portforwarding for the Xbox One and PS4?
If the services are working well now, then there is no benefit to port forwarding (and you shouldn't do it).
Normally NAT requires a two-way connection to the internet service/device. The connection begins outbound (with the xbox or PS4 reaching out to the service). Once that happens, the NAT allows a reverse connection to run over the same path.
All port-forwarding does it enable an inbound connection to be made without the outbound one. The way it does that is to tell the router to send all traffic received on the port to the xbox (or ps4).
There is an alternative way that this can be set up in the router. Most routers support a service called uPNP. That allows the application on the xbox/ps4 to tell the router to set up the inbound connection. It has the same effect as port forwarding, except it is done automatically instead of manually. That also allows the port forwarding to be done dynamically instead of statically.
shaanshivananda wrote:
3. Will there be issues if I set up Port Forwarding?4. Is it a good idea to set up Port Forwarding for my consoles?
I think this is really the same question asked two different ways.
Port forwarding can expose your devices to hacking, since it allows any device on the internet to reach your consoles using those ports. So you should always be cautious about forwarding a port.
And you can only forward a port to a single device. In particular, if you forward port 80 to the xbox, then you wouldn't be able to forward that port to a web server on a different console.
In your case, your table appears to be the one Microsoft publishes for use of xbox live ( https://support.xbox.com/en-US/xbox-one/networking/network-ports-used-xbox-live ). Note their statement: To let your Xbox One console communicate with Xbox Live, you might have to open or forward ports...
If your console is already working with Xbox Live, then there's no reason for forward these ports. If it's not working, then you likely will have to forward at least some of them. You can see which ones by looking at the upnp connection list in the xr500. Anything missing there likely needs to be forwarded.
The DLink DIR-825 isn't a modem/router - much more a basic (and dated) WiFi router with an Ethernet WAN port.
What does stop you from replacing this DIR-825 by the Netgear XR500 (in router mode)?
Ref. the port forwarding: The same port(s) can not be forwarded (neither by static port forward nor by UPnP PMP) to more than one NATed IP address. However, with a modern router like the XR500 these game consoles are able to handle the required port forwardings automatically.
Hello schumaku! Thanks for taking the time to answer the question!
The DLink DIR-825 isn't a modem/router - much more a basic (and dated) WiFi router with an Ethernet WAN port.
Oh wow okay, this is something that I was completely unaware of. This makes so much more sense now.
What does stop you from replacing this DIR-825 by the Netgear XR500 (in router mode)?
Well, my ISP has installed the connection on the ground floor of the house and my room and studio are on the 1st floor. The WiFi signals between the two floors are quite poor even with a powerful router.
But, I am going to contact my ISP soon and move the connection up to the first floor and connect it directly to the XR500. Then I will set up an access point on the ground floor for other family members to use.
Ref. the port forwarding: The same port(s) can not be forwarded (neither by static port forward nor by UPnP PMP) to more than one NATed IP address. However, with a modern router like the XR500 these game consoles are able to handle the required port forwardings automatically.
Okay interesting, I think I am not going to port-forward then. It seems uneccessary since everything works fine now. But I am definitely going to get rid of the D-Link DIR-825 and make the XR500 the main router.
Thank you!
