Don't the majority of us NAT at the customer SM? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Mon, Aug 2, 2010 at 11:31 AM, Adam Kennedy <[email protected]> wrote: > I would agree that it is a security hole for an ISP. UPnP would let me do my > own forwards for just about any port I want, including SSH, telnet and web. > For that matter, I could just be selfish and port map every port from 1024 > through 65535 to my IP, completely killing access to anyone else. > > In an ISP environment, the best option really is to disable UPnP if you are > doing NAT. > > -- > Adam Kennedy > Network Engineer > Omnicity, Inc. > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Marlon K. Schafer > Sent: Monday, August 02, 2010 10:43 AM > To: WISPA General List > Subject: Re: [WISPA] XBOX live, NAT, and UPnP > > Man that sucks. We turn off upnp on ALL routers. I've always been told > that it's a big security hole. > > Thoughts on that? > marlon > > ----- Original Message ----- > From: "Josh Luthman" <[email protected]> > To: "WISPA General List" <[email protected]> > Sent: Monday, August 02, 2010 7:29 AM > Subject: Re: [WISPA] XBOX live, NAT, and UPnP > > > I don't seem to have any issues with double or triple NAT. > > When I was working with MT to fix the upnp issue with Xboxes. I have > it marked as 4.6 with modifications (it was an unofficial 4.6 they > gave me) so I would say 4.7 or higher should enable Xbox upnp. Even > this requires a public IP on the Mikrotik to remove even nice strict > (I think it's called open?). > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > > > On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser <[email protected]> wrote: >> So does anyone here have any customers that use XBOX live and bark to you >> about you NAT? Apparently the XBOX live service is very picky about being >> behind any NAT device and its ability to make connections to other >> servers. >> From what I gathered is that the LIVE service uses Universal Plug and Play >> (UPnP) to get around this but the question I have is. If your doing >> masquerade on a Mikrotik Core Router should you enable UPnP on that >> device? >> Or should I just issue public IP's to the customer that games and let them >> worry about it? And if you have UPnP enabled on the core router and then >> do >> a double-NAT through the customers Linksys router with UPnP enable does >> that >> not work because of the double-NAT? >> >> >> >> Kurt Fankhauser >> WAVELINC >> P.O. Box 126 >> Bucyrus, OH 44820 >> 419-562-6405 >> www.wavelinc.com >> >> >> >> >> >> >> >> >> -------------------------------------------------------------------------------- >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> -------------------------------------------------------------------------------- >> >> WISPA Wireless List: [email protected] >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
