shaanshivananda
Jul 20, 2019
Solved

Can Port Forwarding cause any problems?

Hey folks,   I had a few questions about Port Forwarding and thought this was the perfect place to discuss them.   A little bit of background: My ISP has provided me with a modem/router (D-Link ...
  • StephenB
    Jul 20, 2019

    shaanshivananda wrote:

     

    My ISP has provided me with a modem/router (D-Link DIR-825) that does not have Bridge Mode, and I've connected the Netgear Nighthawk XR500 to the modem/router via ethernet. In order to get rid of Double NAT, I have enabled DMZ on the modem/router

     


    This doesn't actually get rid of double-NAT.  You still have external IP address-> (DIR-825 NAT) -> DIR825 private address -> (XR500) -> XR500 private address.  That is, you still have two devices that are doing back-to-back NAT translation.

     

    What you have done is avoided the complexity of doubled port forwarding - since all unsolicited inbound internet traffic is being routed to the XR500.

     


    shaanshivananda wrote:

     

    Here is what the table looks like:

     

    Service              | External Ports | Internal Ports | Internal IP Address
    ---------------------|----------------|----------------|--------------------
    XBOX (88 UDP)        | 88             | 88             | xxx.xxx.x.x
    XBOX (3074 TCP/UDP)  | 3074           | 3074           | xxx.xxx.x.x
    XBOX (53 TCP/UDP)    | 53             | 53             | xxx.xxx.x.x
    XBOX (80 TCP)        | 80             | 80             | xxx.xxx.x.x
    XBOX (500 UDP)       | 500            | 500            | xxx.xxx.x.x
    XBOX (3544 UDP)      | 3544           | 3544           | xxx.xxx.x.x
    XBOX (4500 UDP)      | 4500           | 4500           | xxx.xxx.x.x

     


    FWIW, it is safe to post private IP addresses, since they are not internet routable.  Posting those addresses can make it easier for people to respond.  Private address ranges are:

    • 198.x.x.x
    • 10.x.x.x
    • 172.16.0.0 - 172.31.255.255

    https://en.wikipedia.org/wiki/Private_network

     


    shaanshivananda wrote:
    1. Since my second router is running through DMZ set up on the first modem/router (D-Link dir-825), is it okay to port forward on the second router (XR500)?

    Yes, and in some cases you might need to do that in order to access internet services.

     

    When you do forward ports, you should also reserve the IP address of the destination (e.g. the xbox or the PS4) in the XR500.  That ensures that the forwarded traffic will always reach the device you intend.

     


    shaanshivananda wrote:

     

    2. Is there a massive benefit to portforwarding for the Xbox One and PS4?

    If the services are working well now, then there is no benefit to port forwarding (and you shouldn't do it).

     

    Normally NAT requires a two-way connection to the internet service/device.  The connection begins outbound (with the xbox or PS4 reaching out to the service).  Once that happens, the NAT allows a reverse connection to run over the same path.  

     

    All port-forwarding does is enable an inbound connection to be made without the outbound one.  The way it does that is to tell the router to send all traffic received on the port to the xbox (or ps4).

     

    There is an alternative way that this can be set up in the router.  Most routers support a service called UPnP.  That allows the application on the xbox/ps4 to tell the router to set up the inbound connection.  It has the same effect as port forwarding, except it is done automatically instead of manually.  That also allows the port forwarding to be done dynamically instead of statically.

     


    shaanshivananda wrote:
    3. Will there be issues if I set up Port Forwarding?

    4. Is it a good idea to set up Port Forwarding for my consoles?

    I think this is really the same question asked two different ways.

     

    Port forwarding can expose your devices to hacking, since it allows any device on the internet to reach your consoles using those ports.  So you should always be cautious about forwarding a port.  

     

    And you can only forward a port to a single device.  In particular, if you forward port 80 to the xbox, then you wouldn't be able to forward that port to a web server on a different console.

     

    In your case, your table appears to be the one Microsoft publishes for use of xbox live ( https://support.xbox.com/en-US/xbox-one/networking/network-ports-used-xbox-live ).  Note their statement: To let your Xbox One console communicate with Xbox Live, you might have to open or forward ports...

     

    If your console is already working with Xbox Live, then there's no reason to forward these ports.  If it's not working, then you likely will have to forward at least some of them.  You can see which ones by looking at the UPnP connection list in the XR500.  Anything missing there likely needs to be forwarded.
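
The checks described in this answer, as an added example that is not part of the original post: it lists which ports from the quoted Xbox table are not yet covered by UPnP, and flags manual forwards that reuse a port for a second device, target an address with no DHCP reservation, or point outside the RFC 1918 private ranges. The dictionary layout, the device addresses and the UPnP entries are constructed assumptions, not the XR500's actual export format.

```python
import ipaddress

# RFC 1918 private ranges; a forward's destination should fall inside one.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# (port, protocol) pairs taken from the Xbox table quoted in the thread.
XBOX_PORTS = {(88, "UDP"), (3074, "TCP"), (3074, "UDP"), (53, "TCP"),
              (53, "UDP"), (80, "TCP"), (500, "UDP"), (3544, "UDP"),
              (4500, "UDP")}

def missing_from_upnp(required, upnp, console_ip):
    """Required ports that UPnP has not already mapped to the console."""
    opened = {(m["port"], m["proto"]) for m in upnp if m["ip"] == console_ip}
    return sorted(required - opened)

def audit_forwards(forwards, reserved_ips):
    """Flag static forwards that are ambiguous, unpinned, or not LAN-bound."""
    findings, owner = [], {}
    for f in forwards:
        key, ip = (f["port"], f["proto"]), f["ip"]
        if not any(ipaddress.ip_address(ip) in net for net in RFC1918):
            findings.append(("not-private", key, ip))
        if ip not in reserved_ips:
            # Without a reservation the lease can move to another device.
            findings.append(("no-dhcp-reservation", key, ip))
        if owner.setdefault(key, ip) != ip:
            # A port/protocol pair can only be forwarded to one device.
            findings.append(("port-already-forwarded", key, ip))
    return findings

# Constructed sample data (hypothetical addresses and UPnP entries).
XBOX, PS4 = "192.168.1.20", "192.168.1.21"
UPNP = [{"port": 3074, "proto": "UDP", "ip": XBOX},
        {"port": 3544, "proto": "UDP", "ip": XBOX}]
FORWARDS = [{"port": 80, "proto": "TCP", "ip": XBOX},
            {"port": 80, "proto": "TCP", "ip": PS4},
            {"port": 88, "proto": "UDP", "ip": XBOX}]

if __name__ == "__main__":
    print("not covered by UPnP:", missing_from_upnp(XBOX_PORTS, UPNP, XBOX))
    for finding in audit_forwards(FORWARDS, reserved_ips={XBOX}):
        print(finding)
```

Following the answer's advice, a port reported as not covered by UPnP is only a candidate for a manual forward if the console is actually failing to connect.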