Recently, I purchased Battlefield 1, which along with being an awesome game, exposed an issue with my new home network. For some reason, I was having real issues getting Xbox Live Parties/Chat to work. I could send invites, others could accept them, however I did not receive any invites. Why? Beats me, but after some tinkering, and some Google searching, I discovered the “Open NAT” issue.

Strict NAT / Moderate NAT

Strict NAT

What is an Open NAT exactly? Basically it means that you have all of the correct (incoming) ports forwarded to your Xbox One. What is that list? Well, if you go by Microsoft’s list, you’ll end up forwarding the following…

  • 88 (UDP)
  • 3074 (UDP and TCP)
  • 53 (UDP and TCP)
  • 80 (TCP)
  • 500 (UDP)
  • 3544 (UDP)
  • 4500 (UDP)

Odd. Now our Xbox One is a DNS server (53), a web server (80), and an IPsec VPN server (500, 4500)? It seems that whoever wrote that help article is confusing port forwarding with outbound port access.

What happens if I don’t open these ports? Well, Microsoft has broken the NAT types into the following categories and even created this helpful(?) chart.

Helpful Chart

They don’t really go into what won’t work, just that depending on the other user’s NAT “type” things may not work.

Solution

The solution is actually very easy. The Xbox One listens on port 3074 for incoming connections. It doesn’t appear that the other ports are inbound ports. Once I forwarded that to my Xbox One, all was well.

Another solution is to use UPnP to allow the Xbox One to open the port itself. I wasn’t too keen on this as UPnP is by design insecure as it allows devices on your network to poke holes in the firewall without your approval. However, if you have multiple Xbox Ones, this is the only solution, as it allows each Xbox One to pick a different inbound port and forward it to itself.

If you have an EdgeRouter Lite like I do, the following config section should get you what you need.

Warning: I have not tried/confirmed this works as I only have 1 Xbox One.

upnp2 {
    acl {
        rule 10 {
            action deny
            description "Block default Xbox Live port 3074"
            external-port 3074
            local-port 0-65535
            subnet 192.168.0.0/24
        }
    }
    listen-on eth1
    nat-pmp enable
    secure-mode enable
    wan eth0
}
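
The ACL above contains a single deny rule, so it is worth seeing what it still lets through. The following is an added example, not the author's or the router vendor's code: it models the ACL assuming miniupnpd-style evaluation (rules checked in order, first match wins, a request that matches no rule is accepted) and compares it with a tighter, constructed rule set. The host addresses, the requests and the tighter rules are all made up for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = range(0, 65536)

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    external: range  # external (WAN-side) ports
    subnet: str      # LAN clients the rule applies to
    local: range     # internal ports on the client

    def matches(self, client, ext_port, local_port):
        in_subnet = ipaddress.ip_address(client) in ipaddress.ip_network(self.subnet)
        return in_subnet and ext_port in self.external and local_port in self.local

# The ACL from the page: a single deny for external port 3074.
PAGE_ACL = [Rule("deny", range(3074, 3075), "192.168.0.0/24", ANY)]

# Constructed tighter ACL: 3074 stays blocked, two consoles (hypothetical
# addresses .50 and .51) may map unprivileged ports, everything else is denied.
TIGHT_ACL = [
    Rule("deny", range(3074, 3075), "192.168.0.0/24", ANY),
    Rule("allow", range(1024, 65536), "192.168.0.50/31", ANY),
    Rule("deny", ANY, "0.0.0.0/0", ANY),
]

def decide(acl, client, ext_port, local_port):
    """Return True if the port-mapping request would be accepted."""
    for rule in acl:
        if rule.matches(client, ext_port, local_port):
            return rule.action == "allow"
    return True  # assumption: a request matching no rule is accepted

# Constructed requests: (label, client address, external port, local port)
REQUESTS = [
    ("xbox-1 default port", "192.168.0.50", 3074, 3074),
    ("xbox-2 alternate port", "192.168.0.51", 49152, 3074),
    ("camera exposing web UI", "192.168.0.77", 8080, 80),
    ("nas exposing ssh", "192.168.0.20", 22, 22),
]

def audit(acl):
    return {label: decide(acl, c, e, l) for label, c, e, l in REQUESTS}

if __name__ == "__main__":
    for name, acl in (("page ACL", PAGE_ACL), ("tight ACL", TIGHT_ACL)):
        for label, ok in audit(acl).items():
            print(f"{name:9} {label:24} {'ALLOW' if ok else 'DENY'}")
```

Under these assumptions the page's ACL accepts the camera and NAS mappings, while the tighter set accepts only the second console's request. The extra rules would be written as further `rule N` entries using the same `action`, `external-port`, `local-port` and `subnet` keys shown in the config above.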

Happy Gaming!