09-07-2010, 09:04 AM
I was looking into the Xbox port issue and I think perhaps there is a misunderstanding. Yes, it is true that in the 360 support forums they recommend you port forward port 80 (web server) and port 53 (DNS); however, those two DO NOT NEED to be forwarded. Microsoft has proprietary software on their XBL servers that communicates over port 80. I remember a few years back a buddy of mine was attempting to decipher what exactly the server was doing. His hypothesis was that your Xbox sends data to some form of web interface which is not necessarily readable by the human eye natively (not HTML or the like), and Microsoft can use this to check certain specs of your machine. This includes but is not limited to: your Xbox serial number, all of your LAN information, voltage data from the circuit board (most likely to check for hardware mods), etc. It is not used for gameplay, and if you happen to be running a web server on your network it would take several static NAT (Network Address Translation) rules to allow the port forwarding to both your web server and your Xbox. Whether or not you have that port forwarded on your router, your Xbox is completely capable of talking out to port 80.
It is the same as the web browser on your computer that you are reading this post with right now, which is talking out to port 80 on the MCompute web server. NAT (which in great detail is beyond the scope of the conversation) will actually use, say, TCP port 8345 locally on your machine to communicate with port 80 on the remote machine. When the remote machine (the web server) on port 80 responds back, your NAT will know to forward the reply back to your local port of 8345, which is waiting for the response. The remote server has no idea what local port number your NAT has assigned and it doesn't care. In comes Microsoft, who apparently thinks it is best for them to be able to connect to some kind of web server on your Xbox from their end, even though their precious Xbox will talk out whenever they want it to. (They did design it after all, and Microsoft believes that you may own that box but they own everything that runs it.)
Port 53 is for DNS communications... The possibilities for why they would want to do this are quite vast and bring out the conspiracy theorist in me. I am a little tired and don't really feel like getting into that at this moment, perhaps some other time.
Bottom line: it is not necessary to forward 80 or 53. All you really need is:
TCP 88 (Kerberos) & 3074 (Xbox Live protocol)
UDP 3074
Or, as Mark said, DMZ it, which is really the easiest and best way and actually causes your 360 to act as a honeypot to boot!
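The outbound-versus-forwarded distinction described in the post above, as an added example that is not part of the original post: a toy model of a home router's NAT table. The `Nat` class, the addresses (documentation and private ranges) and the single-public-IP setup are assumptions made for the illustration.

```python
# Added illustration: a toy port-translating NAT. Class, addresses and the
# single public IP are constructed for this example, not taken from a real router.

class Nat:
    def __init__(self):
        self.flows = {}      # (proto, wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.forwards = {}   # (proto, wan_port) -> (lan_ip, lan_port), static rules
        self.next_port = 40000

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host talks out: pick a WAN port and remember the flow."""
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.flows[(proto, wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, proto, wan_port, remote_ip, remote_port):
        """A packet hits the WAN side: return its LAN destination, or None (dropped)."""
        flow = self.flows.get((proto, wan_port, remote_ip, remote_port))
        return flow or self.forwards.get((proto, wan_port))

    def add_forward(self, proto, wan_port, lan_ip, lan_port):
        """Static port forward; one WAN port can point at only one LAN host."""
        if (proto, wan_port) in self.forwards:
            raise ValueError(f"{proto}/{wan_port} already forwarded")
        self.forwards[(proto, wan_port)] = (lan_ip, lan_port)


XBOX, WEB, REMOTE = "192.168.1.50", "192.168.1.10", "198.51.100.10"

def demo():
    nat, out = Nat(), {}
    # Console connects from local port 8345 to remote port 80: no forward needed.
    wan = nat.outbound("tcp", XBOX, 8345, REMOTE, 80)
    out["reply"] = nat.inbound("tcp", wan, REMOTE, 80)             # matches the flow
    out["unsolicited_80"] = nat.inbound("tcp", 80, REMOTE, 51000)  # no flow, no forward
    # The forwards the post lists as sufficient.
    for proto, port in (("tcp", 88), ("tcp", 3074), ("udp", 3074)):
        nat.add_forward(proto, port, XBOX, port)
    out["inbound_3074"] = nat.inbound("udp", 3074, REMOTE, 51000)
    # Port 80 already forwarded to a LAN web server cannot also go to the console.
    nat.add_forward("tcp", 80, WEB, 80)
    try:
        nat.add_forward("tcp", 80, XBOX, 80)
        out["conflict"] = False
    except ValueError:
        out["conflict"] = True
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```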