Everything i keep coming up with to make this work "ideal" according to the customer is I"m gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves.
-Kurt Fankhauser ----- Original Message ----- From: "Josh Luthman" <j...@imaginenetworksllc.com> To: "WISPA General List" <wireless@wispa.org> Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP > Don't the majority of us NAT at the customer SM? > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > > > On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy <adamkenn...@omnicity.net> > wrote: >> I would agree that it is a security hole for an ISP. UPnP would let me do >> my own forwards for just about any port I want, including SSH, telnet and >> web. For that matter, I could just be selfish and port map every port >> from 1024 through 65535 to my IP, completely killing access to anyone >> else. >> >> In an ISP environment, the best option really is to disable UPnP if you >> are doing NAT. >> >> -- >> Adam Kennedy >> Network Engineer >> Omnicity, Inc. >> >> >> -----Original Message----- >> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On >> Behalf Of Marlon K. Schafer >> Sent: Monday, August 02, 2010 10:43 AM >> To: WISPA General List >> Subject: Re: [WISPA] XBOX live, NAT, and UPnP >> >> Man that sucks. We turn off upnp on ALL routers. I've always been told >> that it's a big security hole. >> >> Thoughts on that? >> marlon >> >> ----- Original Message ----- >> From: "Josh Luthman" <j...@imaginenetworksllc.com> >> To: "WISPA General List" <wireless@wispa.org> >> Sent: Monday, August 02, 2010 7:29 AM >> Subject: Re: [WISPA] XBOX live, NAT, and UPnP >> >> >> I don't seem to have any issues with double or triple NAT. >> >> When I was working with MT to fix the upnp issue with Xboxes. I have >> it marked as 4.6 with modifications (it was an unofficial 4.6 they >> gave me) so I would say 4.7 or higher should enable Xbox upnp. Even >> this requires a public IP on the Mikrotik to remove even nice strict >> (I think it's called open?). >> >> Josh Luthman >> Office: 937-552-2340 >> Direct: 937-552-2343 >> 1100 Wayne St >> Suite 1337 >> Troy, OH 45373 >> >> >> >> On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser <k...@wavelinc.com> >> wrote: >>> So does anyone here have any customers that use XBOX live and bark to >>> you >>> about you NAT? Apparently the XBOX live service is very picky about >>> being >>> behind any NAT device and its ability to make connections to other >>> servers. >>> From what I gathered is that the LIVE service uses Universal Plug and >>> Play >>> (UPnP) to get around this but the question I have is. If your doing >>> masquerade on a Mikrotik Core Router should you enable UPnP on that >>> device? >>> Or should I just issue public IP's to the customer that games and let >>> them >>> worry about it? And if you have UPnP enabled on the core router and then >>> do >>> a double-NAT through the customers Linksys router with UPnP enable does >>> that >>> not work because of the double-NAT? >>> >>> >>> >>> Kurt Fankhauser >>> WAVELINC >>> P.O. Box 126 >>> Bucyrus, OH 44820 >>> 419-562-6405 >>> www.wavelinc.com >>> >>> >>> >>> >>> >>> >>> >>> >>> -------------------------------------------------------------------------------- >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> -------------------------------------------------------------------------------- >>> >>> WISPA Wireless List: wireless@wispa.org >>> >>> Subscribe/Unsubscribe: >>> http://lists.wispa.org/mailman/listinfo/wireless >>> >>> Archives: http://lists.wispa.org/pipermail/wireless/ >>> >> >> >> -------------------------------------------------------------------------------- >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> -------------------------------------------------------------------------------- >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> >> >> -------------------------------------------------------------------------------- >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> -------------------------------------------------------------------------------- >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> >> -------------------------------------------------------------------------------- >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> -------------------------------------------------------------------------------- >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -------------------------------------------------------------------------------- > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
