I am trying to get my Xbox One NAT to be “OPEN” and having some grief in the process. I have done this previously on TP Link and Netgear routers, but hoping to get some assistance with my MikroTik.
The first issue I have, is the fact that my Xbox insists that “uPnP is not successful”. But I have ticked the uPnP checkbox on the router and rebooted the router and the xbone, just to be sure. I suspect there is an issue with the INTERFACES, as i am not sure. What should these be configured to ? The current physical setup I have is as below :
Fibre from the street comes into a fibre box
CAT5 cable running from my fibre box into MikroTik ETHER1
CAT5 cable running out of ETHER2 to my TV room
Normally, this goes to a TP-link W8960N that is being used as a switch for my various devices. But for the purpose of trying to get my Xbox NAT open, i removed that variable and connected the CAT5 from MikroTik directly to the XBOX.
How should the interfaces be configured to get uPnP working ? I want to try and get this sorted if possible. If it still doesn’t work, then I will once again try Port Forwarding . On that front, I had setup a static IP on the console and then gone to IP/Firewall and done some port forwarding. But I suspect I did something wrong, as it did not work, hence my desire to first try and get uPnP working.
Is this solved? I myself got a headache with this, being a certified MK consultant with years of experience I was starting to doubt my abilities. What solved for me was a simple rule. The big problem with this thing is that Microsoft doesn’t show on it’s support page the correct ports to be redirected. All it needed was port 56102 UDP, and that can be customized on the Xbox itself by going to network advanced settings.
Here is the rule that I created on my RB and it’s working. If your case isn’t solved yet I hope this comes in a good way for you.
What IP address do you have in your router from ISP? Is it from
10.0.0.0 - 10.255.255.255
100.64.0.0 - 100.127.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255 range?
Good morning people.
I have an equal problem. I have an Xbox One on my network, and it is showing strict double Nat, I already applied UpNp rules on Mikrotik and the WiFi Router too, but to no avail. I applied rules on Mikrotik:
I am a tad confused by that NAT rule.
Specifically why is their a destination address in the rule??
I think the reason I am asking is because I use in-interface-list=WAN on my dst nat rules.
I would like to assume both accomplish basically the same thing but just want to make sure!
(PS the too ports part is not required as its detailed in the destination port and if there is no port translation, the TOO port is assumed to be the same as the dest port).
@anav: It’s quite difficult to find something specific in my own older posts, but I can’t shake off the feeling that I already explained this to you, and maybe even more than once.
When forwarding port, you want it forwarded from public address to some internal address. The dst-address= is correct solution, because it does exactly what you want, nothing less and nothing more. The in-interface= is simple shortcut, it works too, but it assumes that you have only one address on WAN interface, and you don’t have any subnet routed to you from there. Which is true for average home user. But it can bite you if you use it without thinking what it does, and then you happen to come across some more complex config. Even the simplest case where you would have two public addresses on WAN interface. If you use dstnat with in-interface=, ports will be forwarded from both to same internal device. Probably not what you’d want.
In short, keep using in-interface= if you want, it’s ok. Great advantage is that it automatically handles dynamic addresses. But understand what it does.
so I keep reading how UPnP can be a security risk…
I have Xbox connected to ether9, WAN via ether1.
If I enable UPnP for just external port=ether1 and internal port=ether9, would it still be considered a security risk since UPnP is only enabled for the xbox and therefore can’t effect any other LAN devices?
OR, theoretically, could the Xbox still open ports using UPnP to other LAN IPs on the network that are connected to say, ether2..?