We give public ip's to all customers. But in their router we turn off upnp if I'm the guy that sets up the router for them.
shrug, marlon ----- Original Message ----- From: "Adam Kennedy" <adamkenn...@omnicity.net> To: "WISPA General List" <wireless@wispa.org> Sent: Monday, August 02, 2010 8:31 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP >I would agree that it is a security hole for an ISP. UPnP would let me do >my own forwards for just about any port I want, including SSH, telnet and >web. For that matter, I could just be selfish and port map every port from >1024 through 65535 to my IP, completely killing access to anyone else. > > In an ISP environment, the best option really is to disable UPnP if you > are doing NAT. > > -- > Adam Kennedy > Network Engineer > Omnicity, Inc. > > > -----Original Message----- > From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On > Behalf Of Marlon K. Schafer > Sent: Monday, August 02, 2010 10:43 AM > To: WISPA General List > Subject: Re: [WISPA] XBOX live, NAT, and UPnP > > Man that sucks. We turn off upnp on ALL routers. I've always been told > that it's a big security hole. > > Thoughts on that? > marlon > > ----- Original Message ----- > From: "Josh Luthman" <j...@imaginenetworksllc.com> > To: "WISPA General List" <wireless@wispa.org> > Sent: Monday, August 02, 2010 7:29 AM > Subject: Re: [WISPA] XBOX live, NAT, and UPnP > > > I don't seem to have any issues with double or triple NAT. > > When I was working with MT to fix the upnp issue with Xboxes. I have > it marked as 4.6 with modifications (it was an unofficial 4.6 they > gave me) so I would say 4.7 or higher should enable Xbox upnp. Even > this requires a public IP on the Mikrotik to remove even nice strict > (I think it's called open?). > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > > > On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser <k...@wavelinc.com> > wrote: >> So does anyone here have any customers that use XBOX live and bark to you >> about you NAT? Apparently the XBOX live service is very picky about being >> behind any NAT device and its ability to make connections to other >> servers. >> From what I gathered is that the LIVE service uses Universal Plug and >> Play >> (UPnP) to get around this but the question I have is. If your doing >> masquerade on a Mikrotik Core Router should you enable UPnP on that >> device? >> Or should I just issue public IP's to the customer that games and let >> them >> worry about it? And if you have UPnP enabled on the core router and then >> do >> a double-NAT through the customers Linksys router with UPnP enable does >> that >> not work because of the double-NAT? >> >> >> >> Kurt Fankhauser >> WAVELINC >> P.O. Box 126 >> Bucyrus, OH 44820 >> 419-562-6405 >> www.wavelinc.com >> >> >> >> >> >> >> >> >> -------------------------------------------------------------------------------- >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> -------------------------------------------------------------------------------- >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -------------------------------------------------------------------------------- > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -------------------------------------------------------------------------------- > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -------------------------------------------------------------------------------- > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/