Solved NAT type keeps messing up

BerserWizard

Thread Starter
Joined
Sep 11, 2020
Messages
7
The NAT type on my Xbox One changes to strict whenever I turn it off or put it in sleep mode. If I clear the cache and reset my router it goes back to open, but it's a giant pain to do that every time I want to play a game. I use my own router with the ISP's modem, so I have the router in access point mode. Some of the time, when I get the strict NAT type the Xbox says UPnP unsuccessful. From what little I've figured out, UPnP is a setting on the router that's greyed out when in access point mode. I would ask my ISP about this, but their support is terrible.
 
Joined
Aug 8, 2008
Messages
3,250
The NAT type on my Xbox One changes to strict whenever I turn it off or put it in sleep mode
It's supposed to do that as NAT is a firewall to prevent any intrusions while in sleep mode as it's still connected to the internet.

so I have the router in access point mode.
Change that back as you're defeating the purpose of the router.

UPnP is a standard to allow devices to connect seamlessly to a PC and the internet....without having to install a driver to make it work.

Overall, you're changing settings in devices without knowing what they are or what they do.
 

BerserWizard

Thread Starter
Joined
Sep 11, 2020
Messages
7
It's supposed to do that as NAT is a firewall to prevent any intrusions while in sleep mode as it's still connected to the internet.


Change that back as you're defeating the purpose of the router.

UPnP is a standard to allow devices to connect seamlessly to a PC and the internet....without having to install a driver to make it work.

Overall, you're changing settings in devices without knowing what they are or what they do.
I didn't change my settings yet. It was my ISP who told me to use access point mode. I just looked at the settings so I had an idea what to ask about.
 

Couriant

James
Trusted Advisor
Spam Fighter
Joined
Mar 26, 2002
Messages
37,344
Comtrend CT-5374 is a modem/router so making your router as access point only makes sense because it's allowing the modem to control everything. I'm guessing the modem is what's causing the NAT to change.
 

Fireflycph

Morten
Joined
Apr 1, 2016
Messages
1,381
If I may give my two cents. Not trying to hijack nor step on any toes here.

What you should do, in my opinion, is to set the modem in bridge mode and let your own router handle the WiFi, firewall, DHCP etc.

Then you'd be able to use UPnP and assign a sticky LAN IP, if so desired, to your Xbox. (Also known as a DHCP reservation.)
 

zx10guy

Trusted Advisor
Spam Fighter
Joined
Mar 30, 2008
Messages
6,509
I suspect it's the UPnP doing it. I don't know much about it as I configure everything manually on my networks.

But for some clarity so there is no misinformation for those reading this forum and learning. NAT stands for network address translation. It is NOT a security feature. It's a feature set that exists on routers and routing capable switches (layer 3 switches). NAT comes in three flavors: one to one, pool of addresses, and overload or many IPs to a single public facing. None of these flavors applies any type of security. The use of which flavor depends on the problem you're trying to solve.

The NAT type everyone is familiar with is the overload or many IPs to one single public facing IP. People mistake this as a security configuration as SOHO manufacturers mask an additional step from the user and gaming companies don't know a network if it came up and bit them. The terms of NAT strict, moderate, or open are only gaming industry terms. None of those exist in the world of network engineers. If you were to mention any of those terms, you'd be laughed at hard.

NAT overloads are done because 99.9999999% of home users only get one single IP address from their ISP. This presents a dilemma when you have more than one device you want to connect to the internet. NAT overload is a feature that was created to address this problem.

How it works is through how normal TCP traffic works. When say your laptop wants to access a website at a public IP of 1.1.1.1, it initiates a TCP session. The way the traffic would look to the router is your laptop at say 192.168.1.100 is trying to access port 80. The network stack in your laptop's OS will pick a random high port number to start the session say 25000. So the packet that is generated will have source of 192.168.1.100:25000 and destination of 1.1.1.1:80. Your router receives this and then repackages the packet header to substitute its ISP assigned public IP say 5.5.5.5. So the web server will receive a packet which has a source of 5.5.5.5:25000 and destination of 1.1.1.1:80. And since the server at 1.1.1.1, the web server service running on that server will answer on port 80 and process the packet.

At your router, it keeps a PAT (port address translation) table. This is where the router keeps track of how the NAT overload translations are mapped. So in the table it will have a port 25000 is mapped to 192.168.1.100. So when the web server sends back a reply, the router will see source of 1.1.1.1:80 destination 5.5.5.5:25000. The router will process the packet and look in its PAT table to see what internal device initiated the session on port 25000. It will see 192.168.1.100 did and repackage the packet header to have source 1.1.1.1:80 destination 192.168.1.100:25000.

The above principle is also how the built in firewall works in your router which operates on keeping track of port sessions between IP addresses and the firewall part of your router will keep its own session table.

What happens when a device on your internal network needs to function as a server allowing inbound connections with NAT overload and the SPI firewall in the router getting in the way? This is where port forwarding comes in. Port forwarding on a SOHO router combines two things. One it sets a NAT one to one rule so that any time a session request hits your router for a specific port, it will always send that traffic to a specific IP/device on your internal network. The second thing port forwarding does is it creates a firewall rule to allow the session. On business grade firewalls, the NAT and firewall configurations are totally separate and both have to be manually configured individually.

If you understand the implications of port forwarding, you will realize that doing so is breaching the security of your network by allowing holes for outside untrusted network traffic to enter your network unchallenged. The only things you can do to defend against this security risk is 1) move your gaming device or whatever is requiring the port forward to a DMZ, 2) use a deep packet inspection firewall which has added functionality to inspect the payload of a packet to ensure there is no questionable data/code embedded or 3) don't use the online gaming function of these consoles and demand the gaming industry to take security more seriously. Option 2 with using a DPI firewall is not even an option for home users as the hardware that can do DPI is prohibitively expensive.

There's been so much misunderstanding of NAT and firewalls that as had happened with my debunking of "VPNs" that I feel this should also be a sticky in this subforum.
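
The translation walk-through in the post above, as an added example that is not part of the original thread: a toy PAT table using the post's addresses (192.168.1.100:25000, 1.1.1.1:80, public 5.5.5.5), extended to show an unsolicited inbound packet being dropped, a port forward letting one through, and two inside hosts picking the same source port. The class and function names, the outside host 203.0.113.7, the console address 192.168.1.50 and port 30000 are constructed for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)

class PatRouter:
    """Toy NAT-overload (PAT) router with SOHO-style port forwarding."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.pat = {}       # public port -> (inside ip, inside port, remote endpoint)
        self.forwards = {}  # public port -> (inside ip, inside port), static rules

    def outbound(self, pkt):
        # Reuse the mapping if this flow is already tracked.
        for port, (ip, iport, remote) in self.pat.items():
            if (ip, iport) == pkt.src and remote == pkt.dst:
                return Packet((self.public_ip, port), pkt.dst)
        # Otherwise keep the source port if free, else take the next free one.
        port = pkt.src[1]
        while port in self.pat or port in self.forwards:
            port = port + 1 if port < 65535 else 1024
        self.pat[port] = (pkt.src[0], pkt.src[1], pkt.dst)
        return Packet((self.public_ip, port), pkt.dst)

    def inbound(self, pkt):
        port = pkt.dst[1]
        entry = self.pat.get(port)
        if entry and entry[2] == pkt.src:   # reply to a session started inside
            return Packet(pkt.src, entry[:2])
        if port in self.forwards:           # port forward: any sender is let in
            return Packet(pkt.src, self.forwards[port])
        return None                         # no session, no rule: dropped

def demo():
    r = PatRouter("5.5.5.5")
    out = r.outbound(Packet(("192.168.1.100", 25000), ("1.1.1.1", 80)))
    reply = r.inbound(Packet(("1.1.1.1", 80), ("5.5.5.5", 25000)))
    # Constructed outside host that never had a session with the laptop.
    stray = r.inbound(Packet(("203.0.113.7", 4444), ("5.5.5.5", 25000)))
    # Constructed port forward to a console at 192.168.1.50.
    r.forwards[30000] = ("192.168.1.50", 30000)
    fwd = r.inbound(Packet(("203.0.113.7", 4444), ("5.5.5.5", 30000)))
    return out, reply, stray, fwd

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The dropped packet comes from the session check, not from the address rewrite itself, and the port forward removes that check for its port.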
 

Fireflycph

Morten
Joined
Apr 1, 2016
Messages
1,381
I don't know how to change the settings on the modem.
Call your ISP. They should be able to help you. Just be aware that even though they may tell you how to do it, they may not support such a configuration. Which doesn't matter if it works. If it doesn't, you'll have to do a hard reset on it. (Revert to Factory Default)

I did look at the manual and while it mentions bridge mode several times it doesn't tell you how to do it. My guess is it'll be somewhere in the WAN setup.
 

Fireflycph

Morten
Joined
Apr 1, 2016
Messages
1,381
I think I found it. Looks like it's on page 128-131 of the manual.

You still will need to confirm the settings with your ISP.
 


BerserWizard

Thread Starter
Joined
Sep 11, 2020
Messages
7
After a bunch of hoopla, my ISP told me they can't help. They said I need to manually configure the ports on my router, but I don't know how to do that.
 

Fireflycph

Morten
Joined
Apr 1, 2016
Messages
1,381
What did they say they can't help with? Did you ask them about putting the Modem in Bridge mode?
 

BerserWizard

Thread Starter
Joined
Sep 11, 2020
Messages
7
Never mind that last comment. They fixed it without telling me. Thank you all for your help.
 
