My point in mentioning the corporate VPN… is to illustrate that port reassignment does happen, and is done by many entities. Any port below 1024 is supposed to be reserved, true. But there is no effective way to police the situation at this point. And, I don’t see any issue with discussing this in the context of XBOX port use; it is part of the applicable environment. But, agreed, the topic of how to provide XBOX open NAT connectivity through the various possible firewall designs is, or should be, the focus.
I see two options for my XBOX configuration:
- Use the DMZ port on my internet router, set a 2nd ipfire wall in place, and then behind that, my XBOX. Since there are multiple XBOXes in the house, this is not a great solution. But for now, only my XBOX needs open NAT. This does device and network isolation, which I like. I just can’t run cabling all over the house to create a completely separate physical DMZ rail.
- Set up an additional zone and put my XBOX in that new zone. Separate from my internal LAN (GREEN), WiFi (BLUE), and RED, which is between router and firewall and otherwise empty of devices.
I am not considering any type of internal VPN or tunneling layer; option 2 would use port-forwarding from router to firewall. That is what I would like to get working initially, just to understand the applicable configuration and functionality.
So my original question is: if my router is (RED) 0.251, and (RED) 0.91 is the firewall, do I set router port-forwarding to 0.91, or to the final destination IP (GREEN)? My router will not forward beyond its immediate IP range. So I guess I must port forward to the firewall RED port. Thus I set the forwarding to 0.91. Are the rules I illustrated above incorrect, i.e. do they need the source to be 0.91, or the router's source IP of 0.251?