Xbox LIVE always Moderate NAT?

mediafox037 · February 1, 2021, 10:13am

Hello. I already port forward Xbox LIVE ports 3074 and 3544 on OpenWRT but in Windows Settings > Gaming > Xbox Networking, it always report as Moderate NAT. What am i doing wrong?

peternikolow · February 1, 2021, 10:29am

You may need to open other ports too

Open the following ports, making sure to utilize the correct protocol:

UDP: 88, 500, 3544, 4500

TCP & UDP: 3074

Source:

Jack007 · February 1, 2021, 1:36pm

In my (sons) case it was sufficient to add this port forwarding rule:

config redirect
	option target 'DNAT'
	option src 'wan'
	option dest 'lan'
	option dest_ip '192.168.1.126'
	option name 'XBox360'
	option proto 'tcp udp'
	option dest_port '3074'
	option src_dport '3074'

Older Xbox's use a fixed port (3074). On newer ones you can pick a specific port.

mediafox037 · February 2, 2021, 12:55am

I don't have an Xbox. I'm specifically talking about the Xbox LIVE functionality built into Windows 10. Games that uses Xbox LIVE like Halo: MCC will be utilizing this.

mediafox037 · February 2, 2021, 12:56am

Yeah, I already tried all the ports that peternikolow posted above. Windows still says that the NAT type is Moderate.

EDIT: Here's the config for my firewall rules for Xbox LIVE

config redirect
        option name 'Xbox LIVE'
        option src_dport '3074'
        option target 'DNAT'
        option dest_port '3074'
        option dest 'lan'
        option src 'wan'
        list proto 'tcp'
        list proto 'udp'
        option dest_ip '192.168.1.102'

Xtreme512 · February 2, 2021, 2:26am

Maybe you suffer from double-NAT. Did you check your ISP if they NAT you?

mediafox037 · February 2, 2021, 5:06am

I don't think so. My connection isn't under CGNAT by any means. The WAN IP being reported on OpenWRT is the same when I check on ipmonkey. What is strange is that I can see some of the ports that I have opened like qbittorent but Xbox Live still reports as Moderate NAT. I'm having trouble hosting custom games because of this.

Xtreme512 · February 2, 2021, 6:51pm

Both reports the public IP, so how can you be sure?.. The only way for you to see your ISP side local IP when they indeed CGNAT (like 10.x.x.x or 172.x.x.x private ranges) if they have a web portal that they let you see your private IP on their end.

Try pinging your public IP, if it pings normal, you are fine. If you see "Destination host unreachable" etc. very likely you are behind ISP's NAT.

Try this site to ping remotely: https://www.ipaddressguide.com/ping

mediafox037 · February 2, 2021, 11:56pm

Our ISP typically starts with 100.x.x.x if under CGNAT. Checking on the WAN interface on OpenWRT, it shows the public IP which matches exactly what I see on IP Monkey.

I tried that site and it is able to ping my network just fine

Xtreme512 · February 3, 2021, 12:22am

You can tell them to DMZ you. However, make sure you have good firewall.

mediafox037 · February 4, 2021, 1:26am

I'll try configuring my router to DMZ my PC to test this. Thanks

Jack007 · February 4, 2021, 6:13am

Just a thought; what happens if you temporarily enable upnp? Do you get an open-nat then?

Are you aware of this thread:

drbeast · February 4, 2021, 6:38pm

This is curious, because I am running Openwrt on an Edgerouter ER-X (same verison as OP). I had moderate NAT until I installed Luci-App-Upnp from the software panel and let it install its dependencies.

Both Upnp works for my xbox1 and all my versions of windows 10.

Enabling the IGDv1 mode allows them to work.