Re: [WISPA] XBOX live, NAT, and UPnP
We give public ip's to all customers. But in their router we turn off upnp if I'm the guy that sets up the router for them. shrug, marlon - Original Message - From: Adam Kennedy adamkenn...@omnicity.net To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 8:31 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
Linksys defaults upnp to on. marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 12:48 PM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Default for everything I'm aware of is off. Unless someone has a different experience? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 3:41 PM, Blair Davis the...@wmwisp.net wrote: we do. RickG wrote: So, do you turn off UPnP or not? On Mon, Aug 2, 2010 at 1:31 PM, Greg Ihnen os10ru...@gmail.com wrote: I've heard (I think it was on a Security Now podcast) that UPnP opens up big security hole for the end user (your customers) because there are trojans that use UPnP to poke a hole in the router and then it phones home with the IP address and port it opened. If that compromised machine starts running amok on your network then it would be a problem for you. Greg On Aug 2, 2010, at 10:12 AM, Marlon K. Schafer wrote: Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP’s to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless
Re: [WISPA] XBOX live, NAT, and UPnP
Currently only getting v6 transit through one of my upstreams, Internet Operating Services of Arizona. They peer with 7 other upstreams for native v6 transit. I still need to turn up IPv6 peering sessions with my other transits. No major issues internally. Still feel like I'm in uncharted territory with providing access to customers. -- Blake Covarrubias On Aug 4, 2010, at 8:05 PM, Robert West wrote: Who is your upstream provider? Any issues with them passing the V6? Been thinking of making that jump but it seems to be a bastard scheme. Gets no respect. Any major issues? Bob- -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Blake Covarrubias Sent: Wednesday, August 04, 2010 3:24 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP We've been using v6 internally for about a year. We've recently begun providing v6 to select customers; usually the ones with /26 or more of v4 address space. At that size they're usually technically competent, and thus ready to start migrating. -- Blake Covarrubias On Aug 3, 2010, at 6:04 AM, Robert West wrote: How long have been using the v6? Bob- -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Blake Covarrubias Sent: Monday, August 02, 2010 11:55 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP I wasn't aware so many WISPs charge for static and/or public IPs. We have a /19 and /21 IPv4 allocation, and a /32 v6 allocation. All customers get dynamic, possibly changing, public IPs. We charge for a consistent public IP. NAT causes too many potential headaches for us to even bother with it. -- Blake Covarrubias On Aug 2, 2010, at 7:31 PM, Jeremie Chism wrote: True. Sounds like a bandwidth hog to me. Sent from my iPhone On Aug 2, 2010, at 8:46 PM, Mike m...@aweiowa.com wrote: Simple analysis might expose that customer to be one you'd rather let go. Or not. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Monday, August 02, 2010 6:27 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently
Re: [WISPA] XBOX live, NAT, and UPnP
When I worked for ATT Wireless we purchased everything from DS3's to DS1's from Time Warner Telecom. On Wed, Aug 4, 2010 at 10:15 AM, Fred Goldstein fgoldst...@ionary.com wrote: At 8/4/2010 08:06 AM, Mike Hammett wrote: Time Warner Telecom and Time Warner Cable are entirely different companies. No present relationship whatsoever. Even worse than that. tw Telecom (small tw), Time Warner Cable, and Time Warner Inc. (CNN-Turner, Time magazine, etc.) are *three* different companies, now that TWC has been spun off. I wonder if they'll be required to change their name at some point, as tw Telecom was. Of course since tw Telecom got the tw, the cable folks will have to go farther afield. (I rather like their old Sterling Cable brand, but they probably don't.) The ITT name is shared by various former subsidiaries of a now-split conglomerate. (I think the residuary is Starwood Hotels, not one of the ITT-branded companies.) ATT Wireless was spun out of ATT Corp. at one point, though with a bit of irony both were later acquired by Southwestern Bell, which took the ATT brand for itself. I refer to them (now ATT Inc.) as faux ATT. This could make deciphering deals with ATT very confusing. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com On 8/4/2010 1:23 AM, John Thomas wrote: Yes, I have heard of them. Time Warner (TW Telecom) is my upstream. We aren't paying for IP addresses, but we only have a /27 of addresses with them. -- Fred Goldstein k1io fgoldstein at ionary.com ionary Consulting http://www.ionary.com/ +1 617 795 2701 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
I have been doing a lot of that lately(Fired, or fired before you are hired). Had a customer come in today...first thing out of their mouth was Hulu and Netflix. Told them, we are not a solution for you. Scottie Yup! -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Robert West Sent: Monday, August 02, 2010 8:57 PM To: 'WISPA General List' Subject: Re: [WISPA] XBOX live, NAT, and UPnP Fired. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
Yes, I have heard of them. Time Warner (TW Telecom) is my upstream. We aren't paying for IP addresses, but we only have a /27 of addresses with them. Robert West robert.w...@just-micro.com wrote: ATT and Time Warner. You may have heard of them. :) -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Tuesday, August 03, 2010 1:28 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Robert, what upstream is charging $15 per month? If that is true, I have a portable /19 I am going to start renting.. John Robert West robert.w...@just-micro.com wrote: Depends on if you have to pay for it. Some upstreamproviders give them for free, others not. Some WISPS pay for their own block. Either way, as with everything in business, if I have to pay 15 bucks for a static you better believe that cost is gonna be passed on. That's a HUGE percentage of the cost of providing service to that customer. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Blake Covarrubias Sent: Monday, August 02, 2010 11:55 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP I wasn't aware so many WISPs charge for static and/or public IPs. We have a /19 and /21 IPv4 allocation, and a /32 v6 allocation. All customers get dynamic, possibly changing, public IPs. We charge for a consistent public IP. NAT causes too many potential headaches for us to even bother with it. -- Blake Covarrubias On Aug 2, 2010, at 7:31 PM, Jeremie Chism wrote: True. Sounds like a bandwidth hog to me. Sent from my iPhone On Aug 2, 2010, at 8:46 PM, Mike m...@aweiowa.com wrote: Simple analysis might expose that customer to be one you'd rather let go. Or not. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Monday, August 02, 2010 6:27 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around
Re: [WISPA] XBOX live, NAT, and UPnP
We've been using v6 internally for about a year. We've recently begun providing v6 to select customers; usually the ones with /26 or more of v4 address space. At that size they're usually technically competent, and thus ready to start migrating. -- Blake Covarrubias On Aug 3, 2010, at 6:04 AM, Robert West wrote: How long have been using the v6? Bob- -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Blake Covarrubias Sent: Monday, August 02, 2010 11:55 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP I wasn't aware so many WISPs charge for static and/or public IPs. We have a /19 and /21 IPv4 allocation, and a /32 v6 allocation. All customers get dynamic, possibly changing, public IPs. We charge for a consistent public IP. NAT causes too many potential headaches for us to even bother with it. -- Blake Covarrubias On Aug 2, 2010, at 7:31 PM, Jeremie Chism wrote: True. Sounds like a bandwidth hog to me. Sent from my iPhone On Aug 2, 2010, at 8:46 PM, Mike m...@aweiowa.com wrote: Simple analysis might expose that customer to be one you'd rather let go. Or not. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Monday, August 02, 2010 6:27 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org
Re: [WISPA] XBOX live, NAT, and UPnP
Time Warner Telecom and Time Warner Cable are entirely different companies. No present relationship whatsoever. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com On 8/4/2010 1:23 AM, John Thomas wrote: Yes, I have heard of them. Time Warner (TW Telecom) is my upstream. We aren't paying for IP addresses, but we only have a /27 of addresses with them. Robert Westrobert.w...@just-micro.com wrote: ATT and Time Warner. You may have heard of them. :) -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Tuesday, August 03, 2010 1:28 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Robert, what upstream is charging $15 per month? If that is true, I have a portable /19 I am going to start renting.. John Robert Westrobert.w...@just-micro.com wrote: Depends on if you have to pay for it. Some upstreamproviders give them for free, others not. Some WISPS pay for their own block. Either way, as with everything in business, if I have to pay 15 bucks for a static you better believe that cost is gonna be passed on. That's a HUGE percentage of the cost of providing service to that customer. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Blake Covarrubias Sent: Monday, August 02, 2010 11:55 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP I wasn't aware so many WISPs charge for static and/or public IPs. We have a /19 and /21 IPv4 allocation, and a /32 v6 allocation. All customers get dynamic, possibly changing, public IPs. We charge for a consistent public IP. NAT causes too many potential headaches for us to even bother with it. -- Blake Covarrubias On Aug 2, 2010, at 7:31 PM, Jeremie Chism wrote: True. Sounds like a bandwidth hog to me. Sent from my iPhone On Aug 2, 2010, at 8:46 PM, Mikem...@aweiowa.com wrote: Simple analysis might expose that customer to be one you'd rather let go. Or not. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Monday, August 02, 2010 6:27 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauserk...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthmanj...@imaginenetworksllc.com To: WISPA General Listwireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthmanj...@imaginenetworksllc.com To: WISPA General Listwireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky
Re: [WISPA] XBOX live, NAT, and UPnP
At 8/4/2010 08:06 AM, Mike Hammett wrote: Time Warner Telecom and Time Warner Cable are entirely different companies. No present relationship whatsoever. Even worse than that. tw Telecom (small tw), Time Warner Cable, and Time Warner Inc. (CNN-Turner, Time magazine, etc.) are *three* different companies, now that TWC has been spun off. I wonder if they'll be required to change their name at some point, as tw Telecom was. Of course since tw Telecom got the tw, the cable folks will have to go farther afield. (I rather like their old Sterling Cable brand, but they probably don't.) The ITT name is shared by various former subsidiaries of a now-split conglomerate. (I think the residuary is Starwood Hotels, not one of the ITT-branded companies.) ATT Wireless was spun out of ATT Corp. at one point, though with a bit of irony both were later acquired by Southwestern Bell, which took the ATT brand for itself. I refer to them (now ATT Inc.) as faux ATT. This could make deciphering deals with ATT very confusing. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com On 8/4/2010 1:23 AM, John Thomas wrote: Yes, I have heard of them. Time Warner (TW Telecom) is my upstream. We aren't paying for IP addresses, but we only have a /27 of addresses with them. -- Fred Goldsteink1io fgoldstein at ionary.com ionary Consulting http://www.ionary.com/ +1 617 795 2701 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
ATT around here charges $75/mo for DSL with static IPs. Keep in mind that is their basic static IP service for this area. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Jeremie Chism Sent: Monday, August 02, 2010 10:29 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP I see 15/month for static public all the time here. I guess it depends on your market. But I also have comcast doing 50/5 here to. Sent from my iPhone On Aug 2, 2010, at 6:27 PM, John Thomas jtho...@quarnet.com wrote: And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA
Re: [WISPA] XBOX live, NAT, and UPnP
ah you might want to double check that... ATT has introduced some very aggressive 12 month promotional pricing recently.. Faisal Imtiaz Snappy Internet Telecom On 8/4/2010 2:06 PM, Adam Kennedy wrote: ATT around here charges $75/mo for DSL with static IPs. Keep in mind that is their basic static IP service for this area. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Jeremie Chism Sent: Monday, August 02, 2010 10:29 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP I see 15/month for static public all the time here. I guess it depends on your market. But I also have comcast doing 50/5 here to. Sent from my iPhone On Aug 2, 2010, at 6:27 PM, John Thomasjtho...@quarnet.com wrote: And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauserk...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthmanj...@imaginenetworksllc.com To: WISPA General Listwireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedyadamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthmanj...@imaginenetworksllc.com To: WISPA General Listwireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauserk...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives
Re: [WISPA] XBOX live, NAT, and UPnP
Who is your upstream provider? Any issues with them passing the V6? Been thinking of making that jump but it seems to be a bastard scheme. Gets no respect. Any major issues? Bob- -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Blake Covarrubias Sent: Wednesday, August 04, 2010 3:24 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP We've been using v6 internally for about a year. We've recently begun providing v6 to select customers; usually the ones with /26 or more of v4 address space. At that size they're usually technically competent, and thus ready to start migrating. -- Blake Covarrubias On Aug 3, 2010, at 6:04 AM, Robert West wrote: How long have been using the v6? Bob- -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Blake Covarrubias Sent: Monday, August 02, 2010 11:55 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP I wasn't aware so many WISPs charge for static and/or public IPs. We have a /19 and /21 IPv4 allocation, and a /32 v6 allocation. All customers get dynamic, possibly changing, public IPs. We charge for a consistent public IP. NAT causes too many potential headaches for us to even bother with it. -- Blake Covarrubias On Aug 2, 2010, at 7:31 PM, Jeremie Chism wrote: True. Sounds like a bandwidth hog to me. Sent from my iPhone On Aug 2, 2010, at 8:46 PM, Mike m...@aweiowa.com wrote: Simple analysis might expose that customer to be one you'd rather let go. Or not. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Monday, August 02, 2010 6:27 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about
Re: [WISPA] XBOX live, NAT, and UPnP
True. And if you go with fiber, the IP's are free and are usually via the Telecom. If Time Warner Proper, 15 bucks. Bob- -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Mike Hammett Sent: Wednesday, August 04, 2010 8:06 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Time Warner Telecom and Time Warner Cable are entirely different companies. No present relationship whatsoever. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com On 8/4/2010 1:23 AM, John Thomas wrote: Yes, I have heard of them. Time Warner (TW Telecom) is my upstream. We aren't paying for IP addresses, but we only have a /27 of addresses with them. Robert Westrobert.w...@just-micro.com wrote: ATT and Time Warner. You may have heard of them. :) -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Tuesday, August 03, 2010 1:28 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Robert, what upstream is charging $15 per month? If that is true, I have a portable /19 I am going to start renting.. John Robert Westrobert.w...@just-micro.com wrote: Depends on if you have to pay for it. Some upstreamproviders give them for free, others not. Some WISPS pay for their own block. Either way, as with everything in business, if I have to pay 15 bucks for a static you better believe that cost is gonna be passed on. That's a HUGE percentage of the cost of providing service to that customer. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Blake Covarrubias Sent: Monday, August 02, 2010 11:55 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP I wasn't aware so many WISPs charge for static and/or public IPs. We have a /19 and /21 IPv4 allocation, and a /32 v6 allocation. All customers get dynamic, possibly changing, public IPs. We charge for a consistent public IP. NAT causes too many potential headaches for us to even bother with it. -- Blake Covarrubias On Aug 2, 2010, at 7:31 PM, Jeremie Chism wrote: True. Sounds like a bandwidth hog to me. Sent from my iPhone On Aug 2, 2010, at 8:46 PM, Mikem...@aweiowa.com wrote: Simple analysis might expose that customer to be one you'd rather let go. Or not. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Monday, August 02, 2010 6:27 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauserk...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthmanj...@imaginenetworksllc.com To: WISPA General Listwireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthmanj...@imaginenetworksllc.com To: WISPA General Listwireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik
Re: [WISPA] XBOX live, NAT, and UPnP
How long have been using the v6? Bob- -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Blake Covarrubias Sent: Monday, August 02, 2010 11:55 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP I wasn't aware so many WISPs charge for static and/or public IPs. We have a /19 and /21 IPv4 allocation, and a /32 v6 allocation. All customers get dynamic, possibly changing, public IPs. We charge for a consistent public IP. NAT causes too many potential headaches for us to even bother with it. -- Blake Covarrubias On Aug 2, 2010, at 7:31 PM, Jeremie Chism wrote: True. Sounds like a bandwidth hog to me. Sent from my iPhone On Aug 2, 2010, at 8:46 PM, Mike m...@aweiowa.com wrote: Simple analysis might expose that customer to be one you'd rather let go. Or not. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Monday, August 02, 2010 6:27 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You
Re: [WISPA] XBOX live, NAT, and UPnP
I'd be curious as to who those ISP's are? On Tue, Aug 3, 2010 at 1:25 AM, John Thomas jtho...@quarnet.com wrote: Are you always that quick to jump to conclusions? I guess I am just spoiled living in CA and NV as all the ISPs I have ever known of assign IP addresses either free or $5 per month. Jeremie Chism jchi...@gmail.com wrote: True. Sounds like a bandwidth hog to me. Sent from my iPhone On Aug 2, 2010, at 8:46 PM, Mike m...@aweiowa.com wrote: Simple analysis might expose that customer to be one you'd rather let go. Or not. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Monday, August 02, 2010 6:27 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless
Re: [WISPA] XBOX live, NAT, and UPnP
Charging for a Static IP is also a deterrent. Most of the time either gamers or people who want to run servers want static public IP addresses. You don¹t want some kid hosting 10 other friends on his connection do you? This is why most gamers need to have a public IP. They are essentially running a server for their buddies to connect to. All Xbox Live does is connect to the best host (aka other person) to feed off them. If you are going to hand out public IP addresses to residential customers assign them from a pool and make them change so often via DHCP. -- Justin Wilson j...@mtin.net http://www.mtin.net/blog Wisp Consulting Tower Climbing Network Support From: Mike Hammett wispawirel...@ics-il.net Reply-To: WISPA General List wireless@wispa.org Date: Mon, 02 Aug 2010 12:00:42 -0500 To: WISPA General List wireless@wispa.org Subject: Re: [WISPA] XBOX live, NAT, and UPnP I plan to IPv6 in the next year or so. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com On 8/2/2010 10:04 AM, Jeremy Parr wrote: Reason number 5392 to not NAT your customers. Along those lines, who is rolling out a dual stack ipv6 network? On 8/2/10, Kurt Fankhauserk...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
I don't think many people are going to see this. Pretty sure every ISP out there has a heavier download ratio then upload ratio. The upload bandwidth is minimal (say 512k) so it isn't like they can host much on it. I do have a customer that pays for 2U of rack space in our NOC for their game servers. This is awesome for everyone - it saves them money versus a big colo, uses my under utilized upstream and they get a great connection for their games. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Tue, Aug 3, 2010 at 4:31 PM, Justin Wilson li...@mtin.net wrote: Charging for a Static IP is also a deterrent. Most of the time either gamers or people who want to run servers want static public IP addresses. You don’t want some kid hosting 10 other friends on his connection do you? This is why most gamers need to have a public IP. They are essentially running a server for their buddies to connect to. All Xbox Live does is connect to the best host (aka other person) to feed off them. If you are going to hand out public IP addresses to residential customers assign them from a pool and make them change so often via DHCP. -- Justin Wilson j...@mtin.net http://www.mtin.net/blog Wisp Consulting – Tower Climbing – Network Support From: Mike Hammett wispawirel...@ics-il.net Reply-To: WISPA General List wireless@wispa.org Date: Mon, 02 Aug 2010 12:00:42 -0500 To: WISPA General List wireless@wispa.org Subject: Re: [WISPA] XBOX live, NAT, and UPnP I plan to IPv6 in the next year or so. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com On 8/2/2010 10:04 AM, Jeremy Parr wrote: Reason number 5392 to not NAT your customers. Along those lines, who is rolling out a dual stack ipv6 network? On 8/2/10, Kurt Fankhauserk...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
Back when I had time for playing games, I did this very same thing. Put my own game server in and, man, it was fun...latency rocked! -Cameron WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
ATT and Time Warner. You may have heard of them. :) -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Tuesday, August 03, 2010 1:28 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Robert, what upstream is charging $15 per month? If that is true, I have a portable /19 I am going to start renting.. John Robert West robert.w...@just-micro.com wrote: Depends on if you have to pay for it. Some upstreamproviders give them for free, others not. Some WISPS pay for their own block. Either way, as with everything in business, if I have to pay 15 bucks for a static you better believe that cost is gonna be passed on. That's a HUGE percentage of the cost of providing service to that customer. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Blake Covarrubias Sent: Monday, August 02, 2010 11:55 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP I wasn't aware so many WISPs charge for static and/or public IPs. We have a /19 and /21 IPv4 allocation, and a /32 v6 allocation. All customers get dynamic, possibly changing, public IPs. We charge for a consistent public IP. NAT causes too many potential headaches for us to even bother with it. -- Blake Covarrubias On Aug 2, 2010, at 7:31 PM, Jeremie Chism wrote: True. Sounds like a bandwidth hog to me. Sent from my iPhone On Aug 2, 2010, at 8:46 PM, Mike m...@aweiowa.com wrote: Simple analysis might expose that customer to be one you'd rather let go. Or not. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Monday, August 02, 2010 6:27 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about
Re: [WISPA] XBOX live, NAT, and UPnP
Here everyone charges for static public. Att, concert, the clec's that are left and the smaller isp's. Sent from my iPhone On Aug 3, 2010, at 12:25 AM, John Thomas jtho...@quarnet.com wrote: Are you always that quick to jump to conclusions? I guess I am just spoiled living in CA and NV as all the ISPs I have ever known of assign IP addresses either free or $5 per month. Jeremie Chism jchi...@gmail.com wrote: True. Sounds like a bandwidth hog to me. Sent from my iPhone On Aug 2, 2010, at 8:46 PM, Mike m...@aweiowa.com wrote: Simple analysis might expose that customer to be one you'd rather let go. Or not. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Monday, August 02, 2010 6:27 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org
Re: [WISPA] XBOX live, NAT, and UPnP
I have learned many lessons in this business. I am sure I am not alone. One is that I provide a good service. One that is worth a fair price. I used to try to do everything to get a customer. Give away equipment and many other things. That usually leads to you and the company being taken advantage of. When I started charging for most everything (bear in mind these charges are fair and by no means am I the cheapest in town) my sales actually went up. Sent from my iPhone On Aug 3, 2010, at 9:14 PM, Robert West robert.w...@just-micro.com wrote: ATT and Time Warner. You may have heard of them. :) -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Tuesday, August 03, 2010 1:28 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Robert, what upstream is charging $15 per month? If that is true, I have a portable /19 I am going to start renting.. John Robert West robert.w...@just-micro.com wrote: Depends on if you have to pay for it. Some upstreamproviders give them for free, others not. Some WISPS pay for their own block. Either way, as with everything in business, if I have to pay 15 bucks for a static you better believe that cost is gonna be passed on. That's a HUGE percentage of the cost of providing service to that customer. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Blake Covarrubias Sent: Monday, August 02, 2010 11:55 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP I wasn't aware so many WISPs charge for static and/or public IPs. We have a /19 and /21 IPv4 allocation, and a /32 v6 allocation. All customers get dynamic, possibly changing, public IPs. We charge for a consistent public IP. NAT causes too many potential headaches for us to even bother with it. -- Blake Covarrubias On Aug 2, 2010, at 7:31 PM, Jeremie Chism wrote: True. Sounds like a bandwidth hog to me. Sent from my iPhone On Aug 2, 2010, at 8:46 PM, Mike m...@aweiowa.com wrote: Simple analysis might expose that customer to be one you'd rather let go. Or not. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Monday, August 02, 2010 6:27 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here
Re: [WISPA] XBOX live, NAT, and UPnP
And thats exactly where upload bandwidth users should be, in your noc. Why tie up valuable AP time with a subscriber using upstream time? Most people want download speed. Others can use a hosting service or your noc :) On Tue, Aug 3, 2010 at 4:42 PM, Josh Luthman j...@imaginenetworksllc.com wrote: I don't think many people are going to see this. Pretty sure every ISP out there has a heavier download ratio then upload ratio. The upload bandwidth is minimal (say 512k) so it isn't like they can host much on it. I do have a customer that pays for 2U of rack space in our NOC for their game servers. This is awesome for everyone - it saves them money versus a big colo, uses my under utilized upstream and they get a great connection for their games. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Tue, Aug 3, 2010 at 4:31 PM, Justin Wilson li...@mtin.net wrote: Charging for a Static IP is also a deterrent. Most of the time either gamers or people who want to run servers want static public IP addresses. You don’t want some kid hosting 10 other friends on his connection do you? This is why most gamers need to have a public IP. They are essentially running a server for their buddies to connect to. All Xbox Live does is connect to the best host (aka other person) to feed off them. If you are going to hand out public IP addresses to residential customers assign them from a pool and make them change so often via DHCP. -- Justin Wilson j...@mtin.net http://www.mtin.net/blog Wisp Consulting – Tower Climbing – Network Support From: Mike Hammett wispawirel...@ics-il.net Reply-To: WISPA General List wireless@wispa.org Date: Mon, 02 Aug 2010 12:00:42 -0500 To: WISPA General List wireless@wispa.org Subject: Re: [WISPA] XBOX live, NAT, and UPnP I plan to IPv6 in the next year or so. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com On 8/2/2010 10:04 AM, Jeremy Parr wrote: Reason number 5392 to not NAT your customers. Along those lines, who is rolling out a dual stack ipv6 network? On 8/2/10, Kurt Fankhauserk...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
[WISPA] XBOX live, NAT, and UPnP
So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
You need one of the 4.x releases of MT for XBox uPNP to work. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com On 8/2/2010 9:07 AM, Kurt Fankhauser wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com http://www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP’s to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
I've heard it a bit. Personally, I've never had a problem when my Xbox would list my NAT as strict. But I've heard people scream about it. You can either port forward to them, Or enable UPnP and it will do it for you. If your double NAT-ing then you will need to do it on both routers as UPnP will only cover the one closest to the Xbox. And if they have multiple xbox consoles you can only port forward to one, Or give them multiple statics. Just my experiences with it... Nick Olsen Network Operations (321) 205-1100 x106 From: Kurt Fankhauser k...@wavelinc.com Sent: Monday, August 02, 2010 10:11 AM To: WISPA General List wireless@wispa.org Subject: [WISPA] XBOX live, NAT, and UPnP So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
The easy answer is give the complainers a public. The problem you will run into is XBOX live tells them their nat status. In my experience you will have the people who are being told by Microsoft they need to have a simple nat or whatever the box tells them. You can make it work with UPnP, but you should have a router which fully supports it. Mikrotik has to be pretty much 4.5 or higher. Even then it has issues. Xbox live will work good with a moderate nat setting. This is normally a single NAT. What you will run into is gamers try to squeeze every last ³drop² out of their Internet. No matter what you tell them they won¹t rest until their settings/network/controls are ideal, at least according to them. Justin -- Justin Wilson j...@mtin.net http://www.mtin.net/blog Wisp Consulting Tower Climbing Network Support From: Kurt Fankhauser k...@wavelinc.com Reply-To: WISPA General List wireless@wispa.org Date: Mon, 2 Aug 2010 10:07:57 -0400 To: 'WISPA General List' wireless@wispa.org Subject: [WISPA] XBOX live, NAT, and UPnP So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP¹s to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com http://www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP’s to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
Reason number 5392 to not NAT your customers. Along those lines, who is rolling out a dual stack ipv6 network? On 8/2/10, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com -- Sent from my mobile device WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
This could be a huge advantage to you. Walk with me a second... or two. If a client wishes a Dedicated IP address that works for services such as Gaming, VPN, etc. Then let them pay a little extra for it. I see this as a natural money maker myself. -- glenn On Aug 2, 2010, at 11:04 AM, Jeremy Parr wrote: Reason number 5392 to not NAT your customers. Along those lines, who is rolling out a dual stack ipv6 network? On 8/2/10, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com -- Sent from my mobile device WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org
Re: [WISPA] XBOX live, NAT, and UPnP
One good example I can bring up is a customer that has an Xbox plugged in to a WGT624v4 (nat 1), into our MT CPE (nat 2), goes through backhauls - Redline, Mikrotik, into our core router (nat 3). He has never once complained about any Xbox issues. His #1 concern when signing up was that the Xbox would work. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:55 AM, Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org
Re: [WISPA] XBOX live, NAT, and UPnP
or do 1 to 1 nat On Aug 2, 2010, at 11:31 AM, Adam Kennedy wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
FRIENDS DONT LET FRIENDS BRIDGE NETWORKS - what happens when they place something in a loop on their network - unless you are STP ready - you will have fun tracking it down. On Aug 2, 2010, at 11:55 AM, Kurt Fankhauser wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http
Re: [WISPA] XBOX live, NAT, and UPnP
Call it a gaming package and it will sell like hotcakes. -- Justin Wilson j...@mtin.net http://www.mtin.net/blog Wisp Consulting Tower Climbing Network Support From: Kurt Fankhauser k...@wavelinc.com Reply-To: WISPA General List wireless@wispa.org Date: Mon, 2 Aug 2010 11:55:24 -0400 To: WISPA General List wireless@wispa.org Subject: Re: [WISPA] XBOX live, NAT, and UPnP Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe
Re: [WISPA] XBOX live, NAT, and UPnP
At 8/2/2010 12:07 PM, Glenn Kelley wrote: FRIENDS DONT LET FRIENDS BRIDGE NETWORKS - what happens when they place something in a loop on their network - unless you are STP ready - you will have fun tracking it down. Have the vendors in this space caught up to Carrier Ethernet yet? LAN bridging, based on MAC addresses, is a really bad idea, outside of a small LAN of course. But in the fiber optic world, the big thing nowadays is Carrier Ethernet. This is not bridging, but is a newer layer 2 network based on Ethernet framing. It uses VLAN tags for everything, assigning QoS (CIR, EIR) to each VLAN, and using RSTP (sort of the low common denominator) or something smarter to build the paths. I sometimes call it Ethernet framed Frame Relay. RouterOS seems to know about 802.1q VLANs in the old sense but not much more. Anybody out there using CE for anything wireless? On Aug 2, 2010, at 11:55 AM, Kurt Fankhauser wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman mailto:j...@imaginenetworksllc.comj...@imaginenetworksllc.com To: WISPA General List mailto:wireless@wispa.orgwireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP -- Fred Goldsteink1io fgoldstein at ionary.com ionary Consulting http://www.ionary.com/ +1 617 795 2701 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
uPNP on the only router between public and private will play friendly with multiple XBoxes. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com On 8/2/2010 9:32 AM, Nick Olsen wrote: I've heard it a bit. Personally, I've never had a problem when my Xbox would list my NAT as strict. But I've heard people scream about it. You can either port forward to them, Or enable UPnP and it will do it for you. If your double NAT-ing then you will need to do it on both routers as UPnP will only cover the one closest to the Xbox. And if they have multiple xbox consoles you can only port forward to one, Or give them multiple statics. Just my experiences with it... Nick Olsen Network Operations (321) 205-1100 x106 *From*: Kurt Fankhauser k...@wavelinc.com *Sent*: Monday, August 02, 2010 10:11 AM *To*: WISPA General List wireless@wispa.org *Subject*: [WISPA] XBOX live, NAT, and UPnP So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com http://www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
I plan to IPv6 in the next year or so. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com On 8/2/2010 10:04 AM, Jeremy Parr wrote: Reason number 5392 to not NAT your customers. Along those lines, who is rolling out a dual stack ipv6 network? On 8/2/10, Kurt Fankhauserk...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
I've heard (I think it was on a Security Now podcast) that UPnP opens up big security hole for the end user (your customers) because there are trojans that use UPnP to poke a hole in the router and then it phones home with the IP address and port it opened. If that compromised machine starts running amok on your network then it would be a problem for you. Greg On Aug 2, 2010, at 10:12 AM, Marlon K. Schafer wrote: Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP’s to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
We have a network of 7 routers that is running dual stack. Actually have some customers receiving IPV6 addresses. Justin -- Justin Wilson j...@mtin.net http://www.mtin.net/blog Wisp Consulting Tower Climbing Network Support From: Mike Hammett wispawirel...@ics-il.net Reply-To: WISPA General List wireless@wispa.org Date: Mon, 02 Aug 2010 12:00:42 -0500 To: WISPA General List wireless@wispa.org Subject: Re: [WISPA] XBOX live, NAT, and UPnP I plan to IPv6 in the next year or so. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com On 8/2/2010 10:04 AM, Jeremy Parr wrote: Reason number 5392 to not NAT your customers. Along those lines, who is rolling out a dual stack ipv6 network? On 8/2/10, Kurt Fankhauserk...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
So, do you turn off UPnP or not? On Mon, Aug 2, 2010 at 1:31 PM, Greg Ihnen os10ru...@gmail.com wrote: I've heard (I think it was on a Security Now podcast) that UPnP opens up big security hole for the end user (your customers) because there are trojans that use UPnP to poke a hole in the router and then it phones home with the IP address and port it opened. If that compromised machine starts running amok on your network then it would be a problem for you. Greg On Aug 2, 2010, at 10:12 AM, Marlon K. Schafer wrote: Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP’s to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
we do. RickG wrote: So, do you turn off UPnP or not? On Mon, Aug 2, 2010 at 1:31 PM, Greg Ihnen os10ru...@gmail.com wrote: I've heard (I think it was on a Security Now podcast) that UPnP opens up big security hole for the end user (your customers) because there are trojans that use UPnP to poke a hole in the router and then it phones home with the IP address and port it opened. If that compromised machine starts running amok on your network then it would be a problem for you. Greg On Aug 2, 2010, at 10:12 AM, Marlon K. Schafer wrote: Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: "Josh Luthman" j...@imaginenetworksllc.com To: "WISPA General List" wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. >From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP’s to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
Default for everything I'm aware of is off. Unless someone has a different experience? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 3:41 PM, Blair Davis the...@wmwisp.net wrote: we do. RickG wrote: So, do you turn off UPnP or not? On Mon, Aug 2, 2010 at 1:31 PM, Greg Ihnen os10ru...@gmail.com wrote: I've heard (I think it was on a Security Now podcast) that UPnP opens up big security hole for the end user (your customers) because there are trojans that use UPnP to poke a hole in the router and then it phones home with the IP address and port it opened. If that compromised machine starts running amok on your network then it would be a problem for you. Greg On Aug 2, 2010, at 10:12 AM, Marlon K. Schafer wrote: Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP’s to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA
Re: [WISPA] XBOX live, NAT, and UPnP
I do and only do manual port forwarding. Greg On Aug 2, 2010, at 1:51 PM, RickG wrote: So, do you turn off UPnP or not? On Mon, Aug 2, 2010 at 1:31 PM, Greg Ihnen os10ru...@gmail.com wrote: I've heard (I think it was on a Security Now podcast) that UPnP opens up big security hole for the end user (your customers) because there are trojans that use UPnP to poke a hole in the router and then it phones home with the IP address and port it opened. If that compromised machine starts running amok on your network then it would be a problem for you. Greg On Aug 2, 2010, at 10:12 AM, Marlon K. Schafer wrote: Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP’s to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless
Re: [WISPA] XBOX live, NAT, and UPnP
Around here everyone charges 15 for a static. On Aug 2, 2010 7:29 PM, John Thomas jtho...@quarnet.com wrote: And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna... - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA Gener... Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Tr... On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would a... Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL ro... WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
Five bucks? TW and ATT charges fifteen bucks or more for a static around here. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Monday, August 02, 2010 7:27 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com --- - WISPA Wants You! Join today! http://signup.wispa.org/ --- - WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http
Re: [WISPA] XBOX live, NAT, and UPnP
Ditto! From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Monday, August 02, 2010 7:30 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Around here everyone charges 15 for a static. On Aug 2, 2010 7:29 PM, John Thomas jtho...@quarnet.com wrote: And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna... - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA Gener... Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Tr... On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would a... Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL ro... WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
Time Warner is about $15 In this neck of the woods there are not that many providers - you going elsewhere would necessitate you either going into business for yourself or moving to Sneaker Net ;-) On Aug 2, 2010, at 7:30 PM, Josh Luthman wrote: Around here everyone charges 15 for a static. On Aug 2, 2010 7:29 PM, John Thomas jtho...@quarnet.com wrote: And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna... - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA Gener... Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Tr... On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would a... Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL ro... WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
BellSouth (ATT) charges $10. On Mon, Aug 2, 2010 at 7:27 PM, John Thomas jtho...@quarnet.com wrote: And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org
Re: [WISPA] XBOX live, NAT, and UPnP
Or dreaming. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Glenn Kelley Sent: Monday, August 02, 2010 8:27 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Time Warner is about $15 In this neck of the woods there are not that many providers - you going elsewhere would necessitate you either going into business for yourself or moving to Sneaker Net ;-) On Aug 2, 2010, at 7:30 PM, Josh Luthman wrote: Around here everyone charges 15 for a static. On Aug 2, 2010 7:29 PM, John Thomas jtho...@quarnet.com wrote: And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna... - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA Gener... Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Tr... On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would a... Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL ro... WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
For residential we charge 10 per month too, Business is included in the monthly billing... Chuck Profito 209-988-7388 CV-Access, Inc. www.cv-access.com / cprofito'at'cv-access.com Providing Broadband Internet Access to California's Rural Central Valley -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Monday, August 02, 2010 5:59 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP BellSouth (ATT) charges $10. On Mon, Aug 2, 2010 at 7:27 PM, John Thomas jtho...@quarnet.com wrote: And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe
Re: [WISPA] XBOX live, NAT, and UPnP
Simple analysis might expose that customer to be one you'd rather let go. Or not. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Monday, August 02, 2010 6:27 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org
Re: [WISPA] XBOX live, NAT, and UPnP
Fired. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Mike Sent: Monday, August 02, 2010 9:46 PM To: 'WISPA General List' Subject: Re: [WISPA] XBOX live, NAT, and UPnP Simple analysis might expose that customer to be one you'd rather let go. Or not. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Monday, August 02, 2010 6:27 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http
Re: [WISPA] XBOX live, NAT, and UPnP
On 2 August 2010 20:26, Glenn Kelley gl...@hostmedic.com wrote: Time Warner is about $15 In this neck of the woods there are not that many providers - you going elsewhere would necessitate you either going into business for yourself or moving to Sneaker Net ;-) For a *static* or just for a public IP address? WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
Yup! -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Robert West Sent: Monday, August 02, 2010 8:57 PM To: 'WISPA General List' Subject: Re: [WISPA] XBOX live, NAT, and UPnP Fired. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
With me, a static and public is one in the same. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Jeremy Parr Sent: Monday, August 02, 2010 9:57 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP On 2 August 2010 20:26, Glenn Kelley gl...@hostmedic.com wrote: Time Warner is about $15 In this neck of the woods there are not that many providers - you going elsewhere would necessitate you either going into business for yourself or moving to Sneaker Net ;-) For a *static* or just for a public IP address? WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] XBOX live, NAT, and UPnP
I see 15/month for static public all the time here. I guess it depends on your market. But I also have comcast doing 50/5 here to. Sent from my iPhone On Aug 2, 2010, at 6:27 PM, John Thomas jtho...@quarnet.com wrote: And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List
Re: [WISPA] XBOX live, NAT, and UPnP
True. Sounds like a bandwidth hog to me. Sent from my iPhone On Aug 2, 2010, at 8:46 PM, Mike m...@aweiowa.com wrote: Simple analysis might expose that customer to be one you'd rather let go. Or not. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Monday, August 02, 2010 6:27 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless
Re: [WISPA] XBOX live, NAT, and UPnP
I wasn't aware so many WISPs charge for static and/or public IPs. We have a /19 and /21 IPv4 allocation, and a /32 v6 allocation. All customers get dynamic, possibly changing, public IPs. We charge for a consistent public IP. NAT causes too many potential headaches for us to even bother with it. -- Blake Covarrubias On Aug 2, 2010, at 7:31 PM, Jeremie Chism wrote: True. Sounds like a bandwidth hog to me. Sent from my iPhone On Aug 2, 2010, at 8:46 PM, Mike m...@aweiowa.com wrote: Simple analysis might expose that customer to be one you'd rather let go. Or not. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Monday, August 02, 2010 6:27 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http
Re: [WISPA] XBOX live, NAT, and UPnP
Depends on if you have to pay for it. Some upstreamproviders give them for free, others not. Some WISPS pay for their own block. Either way, as with everything in business, if I have to pay 15 bucks for a static you better believe that cost is gonna be passed on. That's a HUGE percentage of the cost of providing service to that customer. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Blake Covarrubias Sent: Monday, August 02, 2010 11:55 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP I wasn't aware so many WISPs charge for static and/or public IPs. We have a /19 and /21 IPv4 allocation, and a /32 v6 allocation. All customers get dynamic, possibly changing, public IPs. We charge for a consistent public IP. NAT causes too many potential headaches for us to even bother with it. -- Blake Covarrubias On Aug 2, 2010, at 7:31 PM, Jeremie Chism wrote: True. Sounds like a bandwidth hog to me. Sent from my iPhone On Aug 2, 2010, at 8:46 PM, Mike m...@aweiowa.com wrote: Simple analysis might expose that customer to be one you'd rather let go. Or not. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Monday, August 02, 2010 6:27 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com - --- WISPA Wants You! Join today! http://signup.wispa.org
Re: [WISPA] XBOX live, NAT, and UPnP
Are you always that quick to jump to conclusions? I guess I am just spoiled living in CA and NV as all the ISPs I have ever known of assign IP addresses either free or $5 per month. Jeremie Chism jchi...@gmail.com wrote: True. Sounds like a bandwidth hog to me. Sent from my iPhone On Aug 2, 2010, at 8:46 PM, Mike m...@aweiowa.com wrote: Simple analysis might expose that customer to be one you'd rather let go. Or not. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Monday, August 02, 2010 6:27 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org
Re: [WISPA] XBOX live, NAT, and UPnP
Robert, what upstream is charging $15 per month? If that is true, I have a portable /19 I am going to start renting.. John Robert West robert.w...@just-micro.com wrote: Depends on if you have to pay for it. Some upstreamproviders give them for free, others not. Some WISPS pay for their own block. Either way, as with everything in business, if I have to pay 15 bucks for a static you better believe that cost is gonna be passed on. That's a HUGE percentage of the cost of providing service to that customer. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Blake Covarrubias Sent: Monday, August 02, 2010 11:55 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP I wasn't aware so many WISPs charge for static and/or public IPs. We have a /19 and /21 IPv4 allocation, and a /32 v6 allocation. All customers get dynamic, possibly changing, public IPs. We charge for a consistent public IP. NAT causes too many potential headaches for us to even bother with it. -- Blake Covarrubias On Aug 2, 2010, at 7:31 PM, Jeremie Chism wrote: True. Sounds like a bandwidth hog to me. Sent from my iPhone On Aug 2, 2010, at 8:46 PM, Mike m...@aweiowa.com wrote: Simple analysis might expose that customer to be one you'd rather let go. Or not. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas Sent: Monday, August 02, 2010 6:27 PM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP And if I were your client, and you told me $10 for an IP address, I would find a new ISP. The most I have ever seen charged was $5 a month. John Kurt Fankhauser k...@wavelinc.com wrote: Everything i keep coming up with to make this work ideal according to the customer is Im gonna have to sell them a public ip for $10/month *grins* and then make sure their CPE is in bridge mode and assign that static to the customers router so they can enable UPnP themselves. -Kurt Fankhauser - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 11:45 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy adamkenn...@omnicity.net wrote: I would agree that it is a security hole for an ISP. UPnP would let me do my own forwards for just about any port I want, including SSH, telnet and web. For that matter, I could just be selfish and port map every port from 1024 through 65535 to my IP, completely killing access to anyone else. In an ISP environment, the best option really is to disable UPnP if you are doing NAT. -- Adam Kennedy Network Engineer Omnicity, Inc. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Marlon K. Schafer Sent: Monday, August 02, 2010 10:43 AM To: WISPA General List Subject: Re: [WISPA] XBOX live, NAT, and UPnP Man that sucks. We turn off upnp on ALL routers. I've always been told that it's a big security hole. Thoughts on that? marlon - Original Message - From: Josh Luthman j...@imaginenetworksllc.com To: WISPA General List wireless@wispa.org Sent: Monday, August 02, 2010 7:29 AM Subject: Re: [WISPA] XBOX live, NAT, and UPnP I don't seem to have any issues with double or triple NAT. When I was working with MT to fix the upnp issue with Xboxes. I have it marked as 4.6 with modifications (it was an unofficial 4.6 they gave me) so I would say 4.7 or higher should enable Xbox upnp. Even this requires a public IP on the Mikrotik to remove even nice strict (I think it's called open?). Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser k...@wavelinc.com wrote: So does anyone here have any customers that use XBOX live and bark to you about you NAT? Apparently the XBOX live service is very picky about being behind any NAT device and its ability to make connections to other servers. From what I gathered is that the LIVE service uses Universal Plug and Play (UPnP) to get around this but the question I have is. If your doing masquerade on a Mikrotik Core Router should you enable UPnP on that device? Or should I just issue public IP's to the customer that games and let them worry about it? And if you have UPnP enabled on the core router and then do a double-NAT through the customers Linksys router with UPnP enable does that not work because of the double-NAT? Kurt Fankhauser WAVELINC P.O. Box 126 Bucyrus, OH 44820 419-562-6405 www.wavelinc.com
