Note: this FAQ applies only to firmware version 2 and higher. See How do I check my firmware version?
The Xbox (and possibly other gaming systems) have a problem with the latest UPnP server the IQrouter V2 presents, and are not able to automatically get ports forwarded via UPnP.
When using an Xbox or other gaming systems with the IQrouter, the initial NAT state will be listed as 'Moderate'. To achieve NAT State ‘Open’, we must make configuration changes in the IQrouter advanced menu.
Since port forwards are to a specific IP, we must set a static IP on the console or set the current DHCP address as a static lease so it will not change.
To set a static Lease
Log into the IQrouter, then Select Advanced->Advanced
Go to the Network->DCHP and DNS page
Note current IP and MAC address of Xbox in the Active DHCP leases list
Click ‘add’ static lease
Fill in a name (e.g. Xbox) then pick the MAC address of the Xbox and for IPv4, pick the IP of the Xbox
Click ‘Apply and Save’ button.
Next, we need to set the port forward of the gaming port (3074)
Once in the Advanced menu, select Network->Firewall
Click ‘Port Forwards’ tab
Scroll down to the section labeled 'New port Forward' and fill in the fields;
Name = Name of the Port forwarding (e.g : Gamebox)
Protocol = TCP, UDP, or TCP and UDP (you want both)
External Zone = The interface which share your public IP (WAN)
External Port = Port you want open on Internet (e.g : 3074)
Internal Zone = The interface for your Local Area Network (LAN)
IP Address = The IP address of the device being forwarded to (e.g. 192.168.0.5)
Internal Port = Port that used on your local applications you want to open (e.g : 3074)
Click 'Add' to add that new port forward to the list
Finally, click Save & Apply to make it active.
Once done, the page should look like this:
Please reboot the game console before verifying the NAT state, as they often cache the state.
Sometimes it is easier to just forward all ports to the console, which is a configuration known as DMZ (de-militerized zone). That way any inbound connection from any port will be routed to the console. NOTE: that means no firewall filtering occurs for the selected target IP and assumes the target has sufficient security measures to handle that.
To set up a DMZ target, it is just like the steps above, but leave the port fields BLANK, that will forward ALL ports to the selected IP address.