Xbox – How to fix the ‘Strict NAT’ with AirPort Express in ‘Double NAT mode’

networking, xbox-360, xbox-one

I just recently moved. At my new apartment complex, while on Xbox Live, I'm unable to join friends to play games with them.

I get this error:

Your setting STRICT NAT is the least compatible

I have an AirPort Express set up in double NAT mode. Is there a fix for this?

Best Answer

The short answer is no, not with double NAT.

The long answer is - well, to step back a little into Internet history, the way TCP/IP was designed to work and did so, back in the day, is that every host on the network would have its own unique IP address, and so every host could contact every other host easily.

But then two factors intervened, as the Internet grew. One of them was a sudden shortage of IP addresses, due to demand; the other one was telcos building infrastructure that gave just one IP address to each residential customer, partly because of the first factor, and partly because residential customers will never have more than one computer each, right?

And so NAT was born, which remembers which outbound connections are made from any of the machines inside it so that when replies come back to its single outside address, it can send them back to the host they came from - letting multiple hosts exist behind a single IP address. As far as the host inside is concerned, it's talking directly with the host on the far end; as far as that computer is concerned, it's talking to a host at the outside address of the NAT device.

The problem is with inbound connections; because as you can see from the description of the scheme above, without an inside host having communicated outbound first, NAT has no idea where to send an incoming connection.

There are various ways around this. You can map ports (which define what a service is) explicitly to send incoming connections for that service to a specific host inside NAT. You can use UPnP (Universal Plug and Play) on your router, which attempts to set these mappings up for you on request. And if all else fails, Xbox Live has some last-ditch methods to try and keep a connection up, which is what is giving you strict NAT at the moment.

The problem is that these methods work through one layer of NAT, because they rely on being able to map a specific external address/port to a specific internal address/port, which they can do through one translation because between the two ends of the connection, they have all the details. Once you introduce a second translation, there's a whole invisible segment in the middle they can't see and compensate for, and things break.

The first step in getting your Xbox connectivity to work is to get rid of the double NAT. The easiest way to do this is probably to configure your AirPort Express in bridge mode, so that you are effectively only behind the first NAT.

At that point, you should be able to get to Open NAT using UPnP or port mapping, using the techniques explained here: http://www.wikihow.com/Change-Your-Nat-Type-on-Xbox-Live - if you control the router that is doing said first NAT. (If it is a shared router for the apartment complex and does not have UPnP enabled, this is probably something you'll need to arrange with your landlord, alas.)

See also: http://www.graemenoble.id.au/post/48695277030/double-nat-explained-and-possible-solutions
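Added example, not part of the original answer: a toy model of the NAT translation tables described above, showing that an unsolicited inbound packet is dropped, that a reply or an explicit port mapping gets through one NAT, and that a mapping on the inner device alone does nothing behind a second NAT. The class and function names, the addresses, and the use of port 3074 as the console's listening port are assumptions made for illustration.

```python
class Nat:
    """Minimal port-translating NAT with one outside address."""
    def __init__(self, outside_ip, upstream=None):
        self.outside_ip = outside_ip
        self.upstream = upstream   # next NAT toward the Internet, if any
        self.table = {}            # outside port -> (inside ip, inside port)
        self.next_port = 40000

    def outbound(self, src_ip, src_port):
        """Record an outgoing flow; return the (ip, port) the far end sees."""
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (src_ip, src_port)
        if self.upstream:
            return self.upstream.outbound(self.outside_ip, port)
        return (self.outside_ip, port)

    def map_port(self, port, inside_ip, inside_port):
        """Static mapping, as set by hand or requested through UPnP."""
        self.table[port] = (inside_ip, inside_port)


def deliver(nats, port):
    """Walk an inbound packet through NATs, outermost first; None = dropped."""
    dest = None
    for nat in nats:
        dest = nat.table.get(port)
        if dest is None:
            return None
        port = dest[1]
    return dest


XBOX = ("10.0.1.2", 3074)  # constructed address; 3074 is an assumed port


def scenarios():
    single = Nat("203.0.113.10")                 # constructed public address
    unsolicited = deliver([single], 3074)        # no state yet: dropped
    _, seen_port = single.outbound(*XBOX)
    reply = deliver([single], seen_port)         # reply to an outbound flow
    single.map_port(3074, *XBOX)
    mapped = deliver([single], 3074)             # explicit port mapping
    outer = Nat("203.0.113.10")                  # the complex's router
    inner = Nat("192.168.0.50", upstream=outer)  # AirPort doing a second NAT
    inner.map_port(3074, *XBOX)                  # mapping on the inner NAT only
    double = deliver([outer, inner], 3074)       # outer has no mapping: dropped
    _, seen_port = inner.outbound(*XBOX)
    double_reply = deliver([outer, inner], seen_port)
    return unsolicited, reply, mapped, double, double_reply
```

Replies to outbound flows still traverse both layers (`double_reply`); only the inbound path to the mapped port fails, because the outer table has no entry for it.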