With the following rules in place the NAT shows as open in the Xbox Console. I have concerns about opening all those ports at the router. I have read the forums where users indicated the filter rules are not necessary, only NAT rules are. When I only use the NAT rules above, the NAT type in the Xbox shows as moderate. I, however, cannot attest functionality with or without the filter rules running. I am told the functionality for voice over/communication in multi-player games does not function properly without Open NAT listed.
Question -
Are the NAT rules sufficient for an Xbox even though the type shows as Moderate or do I need the filter rules as well for multi-player games to work properly?
I am hoping someone with an Xbox who plays such games can weigh in.
We typically leave UPnP disabled on the router as it is a potential significant security risk. If UPnP was running, I assume it would work well but have never tried it. Thanks for your feedback.
If it is not listening to connections from the public Internet, how is it a security risk?
All it does is let computers on the LAN request ports be open and forwarded to them.
That is to say, what is needed to make a game work properly. There’s no real rocket science.
/did game programming until a few years ago
Also:
If a computer is compromised, nothing stops it from making a connection.
Connecting to it by its own request is no different at all. It just works better.
We do systems integration for people that run from basic networks to home automation systems for residential and SMB customers. The number of consumer devices available today that a customer can bring home that may open ports is growing at a high rate and is, IMHO, an unnecessary risk, especially in a managed environment. Cameras, door locks, HVAC, security, lighting, etc… all have apps and software that comes in the box. You are at the mercy of all those devices opening various ports to those devices or at the router. You are then subject to the security of those devices themselves and what exploits they may be vulnerable to. I have personally seen (granted this was about 3 years ago) an IP camera open multiple ports, half of which were unnecessary - the camera was removed and the ports remained open. IMHO the fewer open ports the better. I am just not comfortable with what some of these consumer electronics companies are doing today - I don’t want to be held accountable for their poor implementation or security practices in the shoddy software some have produced without their direct oversight. We would prefer to get the call that remote access is not working for a device, then we can add it, document it, forward it, or provide a VPN option for access. Not to mention they will call us to add new devices in the future. Just my 2c. Perhaps I am being overcautious and am getting to be an old curmudgeon. Anyway, thanks for your comment and feedback.