cancel
Showing results for 
Search instead for 
Did you mean: 

UnPNP

the_groundsman
Grafter
Posts: 381
Thanks: 2
Registered: 12-08-2007

UnPNP

Wasn't sure where to post this.
My son is an avid XBox live user. He found that his ability to chat to other players was limited. The Xbox help said something about his NAT not being up to scratch. The solution apparantly was to enable UnPNP on our modem/router. I did this but somewhat reluctantly as I remember reading this should be disabled for security reasons.
Without understnading what NAT is or what Universal Plug N layP does in this context; I'm not able to assess the extent of the security risk. He wont be happy if it has to be disabled again.....
Can anyone explain this to me in laymans terms please?
11 REPLIES
Community Veteran
Posts: 3,789
Registered: 08-06-2007

Re: UnPNP

In very basic terms, UPNP allows a client (the XBOX) to negotiate directly with the router for the purposes of opening ports, instead of having to manually forward specific ports in the router itself.
The UPNP requests can only come from inside the network, they cannot be initiated from the 'external' side of the network.
Regarding securrity, there are a few potential issues:
1.  There may be an exploit in the UPNP code that is present on the router.  This is fairly unlikely but still a remote possibility.  As with all security decisions, it s a tradeoff between functionality and security.
2.  The XBOX itself will be in control of which ports it opens and when.  Again, this is not necessarily an issue, more something to be aware of.
IMHO, I would let UPNP do it's job and leave it turned on on the router.  The security impllications are going to be pretty minimal in most cases.
B.
the_groundsman
Grafter
Posts: 381
Thanks: 2
Registered: 12-08-2007

Re: UnPNP

Thanks for the prompt  reply Barry - That's really clear.
Community Veteran
Posts: 14,345
Thanks: 685
Fixes: 10
Registered: 01-08-2007

Re: UnPNP

There are some concerns about it actually. A while back there was a Flash hack going round which was downloaded via internet explorer (EG an animation) which could open up ports via UPnP to allow a hacker to gain access. Obviously it wasn't overly successful as many folks have UPnP turned off but as usual a few people got hit!
Then there is the virus's, trojans etc which can also sneak through with a webpage and do the same thing...
I've never had it happen myself and I do/did use UPnP a while back and never had any problems...
I need a new signature... i'm bored of the old one!
scootie
Grafter
Posts: 4,799
Registered: 03-11-2007

Re: UnPNP

you can allways turn upnp off and manuly foward the ports your son needs for the xbox
1. make sure your router gives the same ip to the xbox every time as you have to manuly port forward to static local ip address
2 ports to open 3074 both udp and tcp. also 88 udp  to be honest i think you only need to open 3074
the_groundsman
Grafter
Posts: 381
Thanks: 2
Registered: 12-08-2007

Re: UnPNP

Thanks for the update. I read up on the port forwarding but
I found the whole thing quite complicated is there a good idiots guide to follow?
scootie
Grafter
Posts: 4,799
Registered: 03-11-2007

Re: UnPNP

http://portforward.com/
most likely the best how to as it gives your router model and all so it has a  customised  step for xbox ports
i think  one of the steps it tells you to do is set a static ip address ( ie the one PN gives you but this is not needed)
the only static ip needed is the one your router gives to your son's xbox.
post back if you get stuck on any of the steps
or you can allways let us know what router you have and one of use will run you through the process here
the_groundsman
Grafter
Posts: 381
Thanks: 2
Registered: 12-08-2007

Re: UnPNP

Stuck at 1st base  Undecided
To be honest the instructions look clear enough the problem I have is around assigning a static IP to all my network devices. XBox looks OK, XP PCs and even the IPod Touch my daughter loves so much. The problem comes with work. I have a laptop provided by my caring employer so I can benefit from mobility working. Occassionally (not very often as I find it quite lonely being at home alone) I do work from home and connect using VPN. The problem is the laptop settings are all locked down as the corp IT department is very controlling. You can't right click let alone do something like assigning an IP address.
Looks like I'm stuffed? No way round this I would guess?
Lurker
Grafter
Posts: 1,867
Registered: 23-10-2008

Re: UnPNP

You are locked out from changing things on your notebook as you have a) no business changing things, and b) no need to!*
You only need to assign a static IP address to your Xbox, since that's the only thing you are trying to forward ports to - all the rest can sit on dymanic IPs without problem.
If you prefer, you could set a DHCP reservation via your router, which would be effectively the same thing (and is just as unnecessary).
*Imagine if your IT Dept had allowed you to set a static IP, then you wondered why you couldn't connect back at your corporate network, or in other remote locations.
the_groundsman
Grafter
Posts: 381
Thanks: 2
Registered: 12-08-2007

Re: UnPNP

Sorry - thought I had to set the DHCP server option to off and assign everything a static IP address. Embarrassed
No wonder I was a bit daunted by this.
My router is a Belkin F5D7633-4
Lurker
Grafter
Posts: 1,867
Registered: 23-10-2008

Re: UnPNP

You simply assign an address on the same network that is outside of the DHCP Pool to each device that you want to have static addresses.
If the DCHP Pool was 192.168.2.2 - 192.168.2.100, you could simply choose to assign any address from 192.168.2.101 - 192.168.2.254 without any issues whatsover.
The addresses 191.168.2.2 - 192.168.2.100 would still be issued to DHCP Clients as necessary.
scootie
Grafter
Posts: 4,799
Registered: 03-11-2007

Re: UnPNP

i found the belkins to very lacking in the menus dept fro setting your lan ips up how you want to but the way james_G surrgested is the best.
i think the easyest way is to go to the network settings on the xbox and manul config the ip settings which would be  following the ips james used
IP 192.168.2.101 (anything out side the dchp pool)
subnet is somthing 255.255.255.0 (you should find this out on the router some where).
gateway would be 192.168.2.1 (the routers ip address)
and both the dns would again be the routers ip address if it's used as the dns server which it will be
once you xbox is using these new settings o.k setup your port forwarding to to its static ip address