Xbox 360 DMZ & MTU Problem

[LukeWard7]

I tried putting my 360 in the DMZ so I could join everyone, and everyone could join me ect. But when I do this, it fails on MTU. But when I have my settings on 'Automatic' I can connect to Xbox LIVE fine with no MTU error message. My router is a Belkin F5D8236-4v1 if that helps.

[+virtorio MVC]

I can't help you, but I can say that I have the exact same problem with my Belkin (F5D8636) router, while my old D-Link router was fine.

I'm not networking expert, but I'm 99.45% sure I've put all the right numbers in.

[Sikh]

Either your Dmz isn't kicking in and if it is your MTU is set too low.

Google xbox 360 ports. First link is a Microsoft article. Go forward those ports with a static up to your xbox. Also allow UPNP to make things easier for you

[LukeWard7]

I forgot to say, thats the only reason I tried using DMZ, because forwarding all the ports didn't work. People still couldn't join me.

[cybertimber2008]

Any chance your ISP is double NATed?

I would recommend verifying that you've set everything right (forward ports, put xbox in DMZ, enabled UPnP) and then SHUT EVERYTHING OFF. Modem, Router & XBox. Give it five minutes and reboot. Before you can even type up a "why" you could be done. That's what finally got my Wii working on my Belkin. I know when I change those settings on my netgear at my other home, the router goes into a reboot. Belkin doesn't seem to.

[LukeWard7]

I don't know what double NATing is, but my ISP is Virgin Media if that helps. Also we have 3 Xbox's using the same connection if that helps too? Also I know my Belkin reboots because it says it does and a little timer comes up, counting down for 30 seconds or so before I can make another change (I also loose internet access for those 30 seconds).

[+BudMan MVC]

What devices do you have - but quite possible if you have a router you bought, and what you think is a "modem" from your ISP your behind a double nat - and then sure you can forward or try and use UPnP or even DMZ is not going to work if your behind a double nat.

If your dsl based its quite possible your behind a double nat for sure - since I have not seen a true dsl modem in years, they are all gateway devices -- modem/router combo doing NAT.

NAT is when you change from a public IP to a private one so that you can share your public ip with multiple devices. So lets say your ISP gives you IP 24.1.2.3, in simple terms your router changes that either 10.x.x.x, 192.168.x.x or 172.16-31.x.x which are all private IP ranges that can not be used on the public internet.

Well if you have 2 devices doing nat, ie internet 24.1.2.3 -- modem -- 192.168.1.1 --- 192.168.1.2 -- router -- 192.168.2.1 --- 192.168.2.2 -- PC

You have a double NAT. You performed network address translation twice.. And you can try and forward ports on your router all day long - it never sees it, since the first NAT devices does send it the traffic.

There are ways to fix this -- but in general you do not want to be behind a double nat.. So you either put the device you got from your ISP In bridge mode so your router actually gets the public IP on its internet connection. Or you just use the device from your ISP as your router - and use a wireless router as an accesspoint to add wireless, etc. etc.

So we know what wireless router you have -- now tell us what device actually connects you to the internet. Make and model of the device you got from your ISP. A quick way to tell if your behind a double nat is to look at the status of your router -- so on that belkin, go to its status page for its internet connection. What does it have for an IP? If its starts with 10.x.x.x or 192.168.x.x or 172.16-31.x.x then your behind a double nat. And yeah your going to have issues with port forwarding and people connecting to you if that is the case.

[LukeWard7]

I 've seen the access point option on my router before, should I try doing that? What is the difference in having it as an access point and not having it as one? But to answer your question I have an NTL:250 as my modem. (NTL is now Virgin Media). I will show you a screenshot of the status screen.

[cybertimber2008]

Well if you have 2 devices doing nat, ie internet 24.1.2.3 -- modem -- 192.168.1.1 --- 192.168.1.2 -- router -- 192.168.2.1 --- 192.168.2.2 -- PC

You have a double NAT. You performed network address translation twice.. And you can try and forward ports on your router all day long - it never sees it, since the first NAT devices does send it the traffic.

No, the modem in that scenario won't do that (cause double NAT). If the ISP assigned him a 172.x.x.x or 10.x.x.x, yea, then it's probably double NAT. I'm betting its not though, its pretty rare for double NAT. BUT the screenshot confirms he has a real public ip, so only one nat.

However you didn't mention 3 xboxes on the same internet connection. THAT might be the issue. Only 1 can be in DMZ and properly connectable IMO, as far as to XBox live goes. (Here to hoping for greater IPv6 adoption).

In other news, I googled your model: http://answers.yahoo.com/question/index?qid=20091213115241AATgMHC this is relevant, but not helpful.

Mind if I ask if you can connect your xbox straight to the modem and see if you get connections?? I wonder if yours like mine has to be in some sort of "bridge mode" to get NAT to work right. Or heck, have you tried asking virgin's tech support?

[LukeWard7]

I know that only one of them can be in the DMZ, and when I first went to my Xbox in there, it was empty so mine would of been the only one in there. Yeah it works fine if I connect it straight to the modem.

[+BudMan MVC]

Ok from that status screen your not on a double nat, since you have a public IP address. So seems your just not forwarding the ports correctly if you ask me.

If you going to enable DMZ or port forwarding quite often you need to disable UPnP - they conflict with each other. UPnP allows for software and devices to auto setup forwards on the router. If you going to do it manually by placing boxes in the dmz or forwarding ports - that is in contradiction. I see you have it enabled.

Also some routers only allow a specific port wired port to be in the dmz? If your wireless might not work, etc??

A bit off topic -- but WTF you running WEP for?? WEP is no longer a valid method to in securing wireless -- you need to be using atleast WPA, better yet WPA2 with a SECURE psk.

I would suggest you turn off the firewall feature, this could be causing you grief.. Just use NAT as your protection you don't really need the router checking for ping of death, etc. etc. Turn off UPnP and then correctly setup the forwards to the IP address of your specific xp box you want to be able to connect to.

edit: that article is quite helpful actually.. He has UPnP on with multiple xboxes -- they are all prob saying open the port to me, open the port to me.. So yeah no wonder not one them actually works ;) Turn off UPnP and setup the forwards manually to your 1 specific xbox. I would also make sure the other xboxes are no on the network when your testing this.

[LukeWard7]

The firewall feature is off, I think you can see it in the screenshot. When you say turn UPnP off, will the other two xbox's be able to connect with an Open NAT, or at all? Or do I need to set them up manually aswell?

[+BudMan MVC]

You can not forward the same port to 2 different private IPs at the same time no..But depending on what your doing - sure most likely you could both be online at the same time - but you can only forward a port to 1 machine at a time - does not matter if manually or with the use of UPnP.

But to clear up your issues about people connecting to you - I would suggest you disable UPnP! And then manually forward the ports, and or try the dmz option. But with UPnP on and multiple xboxs on the network - its quite possible they are fighting over where to send a port.

edit: Your prob going to want to allow your IP to be pingable as well. The IP in your screen shot does not answer pings -- which can cause issues for servers check lag, etc. etc.

[LukeWard7]

I have tried turning UPnP off and it makes no difference except now it's just saying I cannot contact the xbox servers or xbox.com. How do I make my IP pingable? I reset my router to factory defaults and added the xbox into the DMZ, that didn't work. I then forwarded the ports and that made my NAT strict :s. So nothing seems to be working. The only time it does work is when I have all the settings on automatic.

[+BudMan MVC]

This is where you allow for ping

As to it not working unless your using UPnP - well then your clearly not doing it right ;) If it works with UPnP, then your not setting it up correctly manually is all.

[LukeWard7]

No what I meant was it didn't make no difference having UPnP off or on. I still get the same error message. I don't know how im setting it up wrong though? For ip I'm using 192.168.2.20 (what's in the DMZ) then subnet mask as 255.255.255.0 then gateway as 192.168.2.1. For servers I'm using 194.168.4.100 and 194.168.8.100 which are virgin medias.

[+BudMan MVC]

Well your dns has little to do with it.. Did you enable ping from the internet? I still show your IP from your screen shot not answering pings.

[Biohead]

When I had the Belkin F5D8635 and F5D8636 (the ADSL N and N+ variants) I had nothing but problems with the xbox (and other devices).

In the end it turns out that it was just a terrible terrible product from Belkin. Port Forwarding certainly did not work and UPnP was useless. I'm not saying it may be the same here, but the family of products are related and problems sound very similar to what I had.

Funnily enough, Ive swapped it for one of the free Virgin Media N routers (and ADSL modem) and its been one of the most reliable routers I've had.

[LukeWard7]

I have allowed Pings and I am still getting the MTU error when I put the Xbox in the DMZ. When I set the Xbox's IP to match those in the port forwarding section it says my nat is strict? Even though it works fine when I set it all to "automatic".#

Biohead, I am on Virgin Media's XL Package for Broadband, can I get the router free? Or is it a new customer only thing?

[Biohead]

I'm not sure on Virgins policy. I picked mine up on ebay for a few quid (I'm a talktalk adsl customer!) then an adsl modem to pair it with.

The actual model is dlink dir615. Its not got any bells or whistles, but its an n router that hands down beat both the Belkins I tried out.

[+virtorio MVC]

I tend to think it is a problem with the (Belkin) router. I managed to try another D-Link router, and no problems. Tried my Belkin one again, some settings, doesn't work.

Which annoys me as it's one of the best routers I've had in terms of stability and wireless performance.

[+BudMan MVC]

Ok for grins can you post up your port forwarding section.. Lets see what you have forwarded, and what is your mtu actually set it? I highly doubt your mtu is below 1364.

You would really need the IP address of the live servers your trying to connect to test mtu size, but you can see if its a issue with your router or local ISP by just pinging something that will answer and setting the do not frag and size.. For example here is pinging neowin.net with a 1472 size set

ping www.neowin.net -f -l 1472

Pinging neowin.net [209.124.63.215] with 1472 bytes of data:

Reply from 209.124.63.215: bytes=1472 time=41ms TTL=52

Reply from 209.124.63.215: bytes=1472 time=41ms TTL=52

Reply from 209.124.63.215: bytes=1472 time=39ms TTL=52

Reply from 209.124.63.215: bytes=1472 time=42ms TTL=52

Ping statistics for 209.124.63.215:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 39ms, Maximum = 42ms, Average = 40ms

This is way above the 1364 that xbox requires from my understanding.. but to see what your failure size is to any specific host on the internet.. just raise it when you have no frag set.

Pinging neowin.net [209.124.63.215] with 1474 bytes of data:

Packet needs to be fragmented but DF set.

Packet needs to be fragmented but DF set.

[LukeWard7]

Mine shows exactly the same as yours, I can ping Neowin on 1472 but shows no frag set when I set it to 1474. Here is a screenshot of my port forwarding.

[+BudMan MVC]

Well thats fine with that no frag set - thats how it should be.. Ok for starters your ports are not correct on your forwards.

http://support.microsoft.com/kb/908874

* TCP 80

* UDP 88

* UDP 3074

* TCP 3074

* UDP 53

* TCP 53

You have 88 set as TCP not UDP. So thats going to be a issue.

And maybe just me -- but why do you have 2 forwards for each port, one for udp and one for tcp.. Just use the Both setting. so you should have

80 tcp

88 udp

3074 both

53 both

To be honest the 53 makes no sense and I just think it needs to be open outbound, and same goes with the 80 I do believe. I think your only forwards are the 88 and 3074. But since you had 88 on the wrong protocol - you would expect it to give you a error.

If me I would set the 88 and 3074 forwarded, and would not on the 53 and 80 - and then I would reboot the router. And then I would reboot the xbox and then do your tests.. Your xbox is set to static .20 IP?? So its not going to change on a reboot?

Edited March 16, 2010 by BudMan

[LukeWard7]

I done what you said and changed port 88 to UDP but its made no difference what so ever. The thing I can't understand is when I set a static IP on my Xbox and then put that IP in the DMZ, why won't it work?