Am running Merlin 378.51 beta where you can choose NAT loopback - Merlin, ASUS or disabled.
I do not fully understand NAT loopback, but I have had an issue recently where my son cannot hear one of his PS3 friends playing Destiny - the error message is 'NAT error' in the game.
I disabled NAT acceleration based on a Google search with no joy, and have tried the Merlin and ASUS NAT loopback settings - problem still existed. I tried disabling NAT loopback on the off chance, and it has resolved the issue.
Anyone have a suggestion as to why? Will I break anything else by disabling this? I do not access my local LAN from outside - apart from via the Synology QuickConnect - have not tested it, but NAS does not report any issues.
Thanks in advance
Concerning the NAT error on your PS3...
If he's seeing NAT Error next to the player's name, then the NAT issue isn't on your side... it's on the other player's side.
As for UPnP...
I've had this enabled for as long as I've had routers that support it.
On one hand, there is a security risk to this because the protocol doesn't have an authentication mechanism and any program can request a port to be forwarded to it. This means a virus or malicious software could also use UPnP to open holes through the router.
But here's where I take this with a "...grain of salt"
UPnP is a system targeted at consumers. While an enterprise network can have thousands of devices behind a firewall, the reality is a home network will only have a dozen or so devices; I consider my own network an extreme case and I only have 30 devices. UPnP allows programs already inside your network to ask for connections to be opened (and bypass NAT routing) to the outside Internet. A program outside your home network (on the internet) can't ask UPnP to open a hole through your router, though.
The question to ask is "What is the likelihood that one of my computers would get a virus that uses UPnP?" A virus or malware app is going to target a vulnerability in an application first and then try to use UPnP to make it easier to remotely access the PC. Malware has many different fallback methods of connecting though, so if UPnP doesn't work, it may fall back to HTTP or even IRC. It may make things a bit more difficult because the malware app would need to use a relay point (another infected server with holes in its firewall), but this is trivial.
My opinion, and plenty of others will disagree with me, is that you need to protect your computers. Make sure every PC is running AntiVirus software; Microsoft's free antivirus and antimalware program is pretty good and it's what I use. More importantly, make sure all your PCs are automatically updating (both Windows and Mac). While some new viruses will target vulnerabilities that haven't been discovered yet, virus writers are lazy. Most of the people infected today are exploited through security issues that were patched more than 12 months in the past.
Apart from that, I'd consider using a DNS service like Comodo or OpenDNS. Your router supports these providers and they actively block URLs that contain malicious content (I use Google DNS, but it doesn't do this today). I've also enabled AiProtect on my router. I'm not sure how effective it is yet, but it's using Trend Micro's deep packet inspection system to try and block malicious traffic before it hits your PC.
I think UPnP solves A LOT of hard problems for consumers. It makes hard problems, like Double-NAT, go away for complex programs. I ultimately think its benefits outweigh the security drawbacks, but only if you practice good user habits (antivirus and patching).
- Atoshi
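
An added example, not part of the posts above: because UPnP creates port mappings without authentication, it helps to review what the router's IGD service currently reports. The code below parses `GetGenericPortMappingEntry` response bodies and flags mappings worth checking; the sample responses are constructed, and the IP addresses, expected-client list and sensitive-port table are assumptions for illustration.

```python
import xml.etree.ElementTree as ET
NS = "urn:schemas-upnp-org:service:WANIPConnection:1"
FIELDS = ("NewExternalPort", "NewProtocol", "NewInternalPort",
          "NewInternalClient", "NewEnabled", "NewLeaseDuration")

def sample_entry(*values):
    """Build a constructed response body (sample data, not a router capture)."""
    body = "".join(f"<{f}>{v}</{f}>" for f, v in zip(FIELDS, values))
    tag = "u:GetGenericPortMappingEntryResponse"
    return f'<{tag} xmlns:u="{NS}">{body}</{tag}>'

# Constructed mappings: a console, then two hosts nobody set up for UPnP.
SAMPLE = [
    sample_entry(3478, "UDP", 3478, "192.168.1.40", 1, 3600),
    sample_entry(3389, "TCP", 3389, "192.168.1.23", 1, 0),
    sample_entry(51000, "TCP", 51000, "192.168.1.77", 1, 0),
]

# Assumptions: devices expected to use UPnP, and ports that should stay internal.
EXPECTED_CLIENTS = {"192.168.1.40"}
SENSITIVE_PORTS = {22: "SSH", 23: "Telnet", 445: "SMB", 3389: "RDP", 5900: "VNC"}

def parse_mapping(xml_text):
    """Extract the mapping fields from one response body."""
    root = ET.fromstring(xml_text)
    return {f: (root.findtext(f) or "").strip() for f in FIELDS}

def audit(responses):
    """Return (client, proto, external_port, reasons) for mappings worth a look."""
    findings = []
    for m in map(parse_mapping, responses):
        if m["NewEnabled"] != "1":
            continue
        reasons = []
        if m["NewInternalClient"] not in EXPECTED_CLIENTS:
            reasons.append("unexpected internal client")
        if int(m["NewInternalPort"]) in SENSITIVE_PORTS:
            reasons.append("exposes " + SENSITIVE_PORTS[int(m["NewInternalPort"])])
        if m["NewLeaseDuration"] == "0":  # 0 = static mapping in IGD v1
            reasons.append("permanent lease")
        if reasons:
            findings.append((m["NewInternalClient"], m["NewProtocol"],
                             int(m["NewExternalPort"]), reasons))
    return findings

if __name__ == "__main__":
    for client, proto, port, reasons in audit(SAMPLE):
        print(f"{client} {proto}/{port}: {', '.join(reasons)}")
```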