This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
I had a few questions about Port Forwarding and thought this was the perfect place to discuss them.
A little bit of background:
My ISP has provided me with a modem/router (D-Link DIR-825) that does not have Bridge Mode, and I've connected the Netgear Nighthawk XR500 to the modem/router via ethernet. In order to get rid of Double NAT, I have enabled DMZ on the modem/router and put the second routers IP address in the DMZ. Everything is working great.
The current situation:
I have heard many good things about Port Forwarding recently, and was wondering; Given my current background, is it okay to port forward some ports on the Netgear Nighthawk XR500 (second router) for my Xbox One and PS4?
Here is what the table looks like:
Service
External Ports
Internal Ports
Internal IP Address
XBOX (88 UDP)
88
88
xxx.xxx.x.x
XBOX (3074 TCP/UDP)
3074
3074
xxx.xxx.x.x
XBOX (53 TCP/UDP)
53
53
xxx.xxx.x.x
XBOX (80 TCP)
80
80
xxx.xxx.x.x
XBOX (500 UDP)
500
500
xxx.xxx.x.x
XBOX (3544 UDP)
3544
3544
xxx.xxx.x.x
XBOX (4500 UDP)
4500
4500
xxx.xxx.x.x
My questions:
Since my second router is running through DMZ set up on the first modem/router (D-Link dir-825), is it okay to port forward on the second router (XR500)?
Is there a massive benefit to portforwarding for the Xbox One and PS4?
Will there be issues if I set up Port Forwarding?
Is it a good idea to set up Port Forwarding for my consoles?
Thank you all so much for taking the time to read the post and helping out. I appreciate all the help I can get.
My ISP has provided me with a modem/router (D-Link DIR-825) that does not have Bridge Mode, and I've connected the Netgear Nighthawk XR500 to the modem/router via ethernet. In order to get rid of Double NAT, I have enabled DMZ on the modem/router
This doesn't actually get rid of double-NAT. You still have external IP address-> (DIR-825 NAT) -> DIR825 private address -> (XR500) -> XR500 private address. That is, you still have two devices that are doing back-to-back NAT translation.
What you have done is avoided the complexity of doubled port forwarding - since all unsolicited inbound internet traffic is being routed to the XR500.
FWIW, it is safe to post private IP addresses, since they are not internet routable. Posting those addresses can make it easier for people to respond. Private address ranges are:
Since my second router is running through DMZ set up on the first modem/router (D-Link dir-825), is it okay to port forward on the second router (XR500)?
Yes, and in some case you might need to do that in order to access internet services.
When you do forward ports, you should also reserve the IP address of the destination (e.g. the xbox or the PS4) in the XR500. That ensures that the forwarded traffic will always reach the device you intend.
2. Is there a massive benefit to portforwarding for the Xbox One and PS4?
If the services are working well now, then there is no benefit to port forwarding (and you shouldn't do it).
Normally NAT requires a two-way connection to the internet service/device. The connection begins outbound (with the xbox or PS4 reaching out to the service). Once that happens, the NAT allows a reverse connection to run over the same path.
All port-forwarding does it enable an inbound connection to be made without the outbound one. The way it does that is to tell the router to send all traffic received on the port to the xbox (or ps4).
There is an alternative way that this can be set up in the router. Most routers support a service called uPNP. That allows the application on the xbox/ps4 to tell the router to set up the inbound connection. It has the same effect as port forwarding, except it is done automatically instead of manually. That also allows the port forwarding to be done dynamically instead of statically.
@shaanshivananda wrote: 3. Will there be issues if I set up Port Forwarding?
4. Is it a good idea to set up Port Forwarding for my consoles?
I think this is really the same question asked two different ways.
Port forwarding can expose your devices to hacking, since it allows any device on the internet to reach your consoles using those ports. So you should always be cautious about forwarding a port.
And you can only forward a port to a single device. In particular, if you forward port 80 to the xbox, then you wouldn't be able to forward that port to a web server on a different console.
If your console is already working with Xbox Live, then there's no reason for forward these ports. If it's not working, then you likely will have to forward at least some of them. You can see which ones by looking at the upnp connection list in the xr500. Anything missing there likely needs to be forwarded.
My ISP has provided me with a modem/router (D-Link DIR-825) that does not have Bridge Mode, and I've connected the Netgear Nighthawk XR500 to the modem/router via ethernet. In order to get rid of Double NAT, I have enabled DMZ on the modem/router
This doesn't actually get rid of double-NAT. You still have external IP address-> (DIR-825 NAT) -> DIR825 private address -> (XR500) -> XR500 private address. That is, you still have two devices that are doing back-to-back NAT translation.
What you have done is avoided the complexity of doubled port forwarding - since all unsolicited inbound internet traffic is being routed to the XR500.
FWIW, it is safe to post private IP addresses, since they are not internet routable. Posting those addresses can make it easier for people to respond. Private address ranges are:
Since my second router is running through DMZ set up on the first modem/router (D-Link dir-825), is it okay to port forward on the second router (XR500)?
Yes, and in some case you might need to do that in order to access internet services.
When you do forward ports, you should also reserve the IP address of the destination (e.g. the xbox or the PS4) in the XR500. That ensures that the forwarded traffic will always reach the device you intend.
2. Is there a massive benefit to portforwarding for the Xbox One and PS4?
If the services are working well now, then there is no benefit to port forwarding (and you shouldn't do it).
Normally NAT requires a two-way connection to the internet service/device. The connection begins outbound (with the xbox or PS4 reaching out to the service). Once that happens, the NAT allows a reverse connection to run over the same path.
All port-forwarding does it enable an inbound connection to be made without the outbound one. The way it does that is to tell the router to send all traffic received on the port to the xbox (or ps4).
There is an alternative way that this can be set up in the router. Most routers support a service called uPNP. That allows the application on the xbox/ps4 to tell the router to set up the inbound connection. It has the same effect as port forwarding, except it is done automatically instead of manually. That also allows the port forwarding to be done dynamically instead of statically.
@shaanshivananda wrote: 3. Will there be issues if I set up Port Forwarding?
4. Is it a good idea to set up Port Forwarding for my consoles?
I think this is really the same question asked two different ways.
Port forwarding can expose your devices to hacking, since it allows any device on the internet to reach your consoles using those ports. So you should always be cautious about forwarding a port.
And you can only forward a port to a single device. In particular, if you forward port 80 to the xbox, then you wouldn't be able to forward that port to a web server on a different console.
If your console is already working with Xbox Live, then there's no reason for forward these ports. If it's not working, then you likely will have to forward at least some of them. You can see which ones by looking at the upnp connection list in the xr500. Anything missing there likely needs to be forwarded.
The DLink DIR-825 isn't a modem/router - much more a basic (and dated) WiFi router with an Ethernet WAN port.
What does stop you from replacing this DIR-825 by the Netgear XR500 (in router mode)?
Ref. the port forwarding: The same port(s) can not be forwarded (neither by static port forward nor by UPnP PMP) to more than one NATed IP address. However, with a modern router like the XR500 these game consoles are able to handle the required port forwardings automatically.
Firstly, thank you for taking out the time to answer all the questions and help me out. I have gaineda lot of clarity by reading your reply. It was very precise and I think I have you have helped a tonne! 🙂
This doesn't actually get rid of double-NAT. You still have external IP address-> (DIR-825 NAT) -> DIR825 private address -> (XR500) -> XR500 private address. That is, you still have two devices that are doing back-to-back NAT translation.
What you have done is avoided the complexity of doubled port forwarding - since all unsolicited inbound internet traffic is being routed to the XR500.
Thank you for clarifying this. I was completely unaware that this doesn't technically get rid of Double-NAT. I think avoiding the complexity of doubled port forwarding is a good solution for now but seems more like a bandaid solution that I have done. I want to ideally make the XR500 the main router and get rid of the first router altogether. I will contact my ISP and arrange accordingly.
FWIW, it is safe to post private IP addresses, since they are not internet routable. Posting those addresses can make it easier for people to respond. Private address ranges are:
Oh okay, I thought that it would be safe but didn't want to take the chances. Thank you for clearing the air on this. Yes, absolutely it would make it easier for others to respond. Will definitely keep this in mind when posting 🙂
Yes, and in some case you might need to do port-forwarding in order to access internet services.
When you do forward ports, you should also reserve the IP address of the destination (e.g. the xbox or the PS4) in the XR500. That ensures that the forwarded traffic will always reach the device you intend.
Interesting. I have already reserved IP addresses for all my main devices like the Xbox One, PS4, my laptop, and mobile phone so this is something I'm very happy about. I don't know if there's a huge benefit of setting static IPs but like you mentioned, in the case of port-forwarding, it is vital.
If the services are working well now, then there is no benefit to port forwarding (and you shouldn't do it).
Normally NAT requires a two-way connection to the internet service/device. The connection begins outbound (with the xbox or PS4 reaching out to the service). Once that happens, the NAT allows a reverse connection to run over the same path.
All port-forwarding does it enable an inbound connection to be made without the outbound one. The way it does that is to tell the router to send all traffic received on the port to the xbox (or ps4).
There is an alternative way that this can be set up in the router. Most routers support a service called uPNP. That allows the application on the xbox/ps4 to tell the router to set up the inbound connection. It has the same effect as port forwarding, except it is done automatically instead of manually. That also allows the port forwarding to be done dynamically instead of statically.
This is exactly what I was looking for! Thank you so much, I think this has answered the question perfectly. I am taking your advice and not setting up port forwarding since my devices seem to work fine at the moment. Additionally, uPnP is also enabled on the router as adviced (I think this was enabled by default on my router).
I think this is really the same question asked two different ways.
Port forwarding can expose your devices to hacking, since it allows any device on the internet to reach your consoles using those ports. So you should always be cautious about forwarding a port.
And you can only forward a port to a single device. In particular, if you forward port 80 to the xbox, then you wouldn't be able to forward that port to a web server on a different console.
If your console is already working with Xbox Live, then there's no reason for forward these ports. If it's not working, then you likely will have to forward at least some of them. You can see which ones by looking at the upnp connection list in the xr500. Anything missing there likely needs to be forwarded.
Yes, the console is working absolutely fine, I was just under the false impression that I could get improved connectivity of some sort via port-forwarding. But I think with uPnP enabled, everything seems to be working fine.
I think you have brought to light the security aspect of port-forwarding so I think I will be cautious now when thinking of forwarding any ports.
Thanks again for all the help @StephenB! I really appreciate it 🙂
Hello @schumaku! Thanks for taking the time to answer the question!
The DLink DIR-825 isn't a modem/router - much more a basic (and dated) WiFi router with an Ethernet WAN port.
Oh wow okay, this is something that I was completely unaware of. This makes so much more sense now.
What does stop you from replacing this DIR-825 by the Netgear XR500 (in router mode)?
Well, my ISP has installed the connection on the ground floor of the house and my room and studio are on the 1st floor. The WiFi signals between the two floors are quite poor even with a powerful router.
But, I am going to contact my ISP soon and move the connection up to the first floor and connect it directly to the XR500. Then I will set up an access point on the ground floor for other family members to use.
Ref. the port forwarding: The same port(s) can not be forwarded (neither by static port forward nor by UPnP PMP) to more than one NATed IP address. However, with a modern router like the XR500 these game consoles are able to handle the required port forwardings automatically.
Okay interesting, I think I am not going to port-forward then. It seems uneccessary since everything works fine now. But I am definitely going to get rid of the D-Link DIR-825 and make the XR500 the main router.
