SPI and DMZ

[Mat77]

In many Tutorials for better Onlinegaming people say that you should turn off SPI.

If I use my xbox in DMZ - is SPI disabled for this device or not?

Is it possible that SPI slowsdown onlinegaming? Ist it possible to disable SPI only for 1 device?

 

[CooCooCaChoo]

If I remember correctly SPI is part of the firewall so you just can't turn off one aspect of the firewall. While it is true that the firewall does add a few milliseconds of latency, it's benefits outweigh turning it off completely.

 

[RogerSC]

In many Tutorials for better Onlinegaming people say that you should turn off SPI.

If I use my xbox in DMZ - is SPI disabled for this device or not?

Is it possible that SPI slowsdown onlinegaming? Ist it possible to disable SPI only for 1 device?

When you use the DMZ for a client/device, it is not behind the router's firewall, so yes, SPI does not apply to that client. However, I wouldn't advise doing that, security is too important to compromise for a nearly negligible latency. I'm not a gamer, but I'd be looking elsewhere to minimize my network latency if I were.

 

[sinshiva]

isn't an SPI firewall just iptables with a drop policy?

honestly, i've ever only seen decreased latency. the kind of processing being done for a firewall shouldn't be any greater than the simplest of arithmetic. it's when the firewalls are a 'UTM' performing 'DPI' that the hardware requirements soar, really

 

[RMerlin]

isn't an SPI firewall just iptables with a drop policy?

iptables by its design is SPI - it's state-aware. Having rules that allows ESTABLISHED,RELATED connections in, but will process a ruleset against anything else (such as NEW connections) is an example of what an SPI firewall does.

 

[Mat77]

When you use the DMZ for a client/device, it is not behind the router's firewall, so yes, SPI does not apply to that client. However, I wouldn't advise doing that, security is too important to compromise for a nearly negligible latency. I'm not a gamer, but I'd be looking elsewhere to minimize my network latency if I were.

what can I do to reduce latency more? To disable WMM in wireless Settings helped me very much. It seems that WMM slowsdown the connection also if I don´t play wireless.

Most of the lag is gone - I mean the lag on my side. I often had the Problem that I feel that all the Lag is only on my side and only I´m behind and it´s not the "normal" Internet Lag. I also have lag with this Setting disabled but only the "normal" Internet Lag.

On this Router I think WMM is the cause of slowdowns.

 

[Mat77]

iptables by its design is SPI - it's state-aware. Having rules that allows ESTABLISHED,RELATED connections in, but will process a ruleset against anything else (such as NEW connections) is an example of what an SPI firewall does.

I wonder that also Activision Support want to turn the Firewall of completly. This is unsecure and should not be suggested or I´m wrong? Only for playing Playstation or xbox I have to turn my Firewall off for the whole Network?

http://support.activision.com/articles/en_US/FAQ/Lag-Occurs-in-Multiplayer-Game

 

[RMerlin]

I wonder that also Activision Support want to turn the Firewall of completly. This is unsecure and should not be suggested or I´m wrong? Only for playing Playstation or xbox I have to turn my Firewall off for the whole Network?

http://support.activision.com/articles/en_US/FAQ/Lag-Occurs-in-Multiplayer-Game

Those support articles are written by irresponsible people IMHO, who don't care what other issue it causes - all they want is to get the complaining customers off THEIR back, and shovel the issue into someone else's backyard.

I only skimmed through that article, and it doesn't even make any sense. Disabling the firewall means uPNP won't even work in most routers, since uPNP is... port forwarding configured in a firewall.

Frankly, if you have lag issues with a high-end router such as an RT-N66U, the only fix is to go wired, or look at your ISP's end. Cause the 2-4 ms that can potentially be added by features such as the firewall or WMM won't even be visible to a human being when you already have a 40-60ms lag from the round-trip over the Internet alone.

But then, I know some gamers spend 100$ on a "Killer NIC" and pretend it improves their ping time/frame rate, when technically it makes zero sense. <shrug>.

 

[RMerlin]

Another thing that make me want to hit my head on the desk repeatedly is when I see support articles saying you should forward port 80 and 53 to make your XBox/PS3 online gaming work properly. Some people can't even tell the difference between inbound and outbound connections, or firewall allowing and port forwarding.

I've seen that one only too often.

 

[Mat77]

Another thing that make me want to hit my head on the desk repeatedly is when I see support articles saying you should forward port 80 and 53 to make your XBox/PS3 online gaming work properly. Some people can't even tell the difference between inbound and outbound connections, or firewall allowing and port forwarding.

I've seen that one only too often.

even xbox live support suggest to open Port 53 and 80

http://support.xbox.com/en-US/xbox-360/networking/network-ports-used-xbox-live

 

[Mat77]

Those support articles are written by irresponsible people IMHO, who don't care what other issue it causes - all they want is to get the complaining customers off THEIR back, and shovel the issue into someone else's backyard.

I only skimmed through that article, and it doesn't even make any sense. Disabling the firewall means uPNP won't even work in most routers, since uPNP is... port forwarding configured in a firewall.

Frankly, if you have lag issues with a high-end router such as an RT-N66U, the only fix is to go wired, or look at your ISP's end. Cause the 2-4 ms that can potentially be added by features such as the firewall or WMM won't even be visible to a human being when you already have a 40-60ms lag from the round-trip over the Internet alone.

But then, I know some gamers spend 100$ on a "Killer NIC" and pretend it improves their ping time/frame rate, when technically it makes zero sense. <shrug>.

The WMM thing is noticable for me. I disabled for testing also the Firewall - no differences here. But WMM disabled improved my connection. I play wired and not wireless - I don´t know why disabling WMM improves my connection. (I have the RT-N56U) But it´s like night and day for me on xbox live.

 

[wouterv]

All I can say is that my son live part of his life behind his PS3 since some years, playing all kind of online games.
The router here has UPnP disabled and it does not have port fording or DMZ, and the PS3 seems to be pretty happily online.
For Xbox I dont know, if I have to believe the different forums you need to open all kind of ports or put the thing in DMZ to make it work for online games which (if true) is ridiculous due to the knowledge it requires and the risk to expose your entire local network to the outside world.

 

[RMerlin]

even xbox live support suggest to open Port 53 and 80

http://support.xbox.com/en-US/xbox-360/networking/network-ports-used-xbox-live

They use "opening port" and "forwarding port" in the same sentence when they're not the same thing. This is a perfect example of what I was talking about indeed Those ports need to be open (allowing outbound connection for web and DNS services). They must not be forwarded, since your XBox does not host a web server, or (even less) a DNS server.

 

[Mat77]

They use "opening port" and "forwarding port" in the same sentence when they're not the same thing. This is a perfect example of what I was talking about indeed Those ports need to be open (allowing outbound connection for web and DNS services). They must not be forwarded, since your XBox does not host a web server, or (even less) a DNS server.

Niow I understand - thats the Reason why Port Forwarding to xbox live in this Router "only" opens Port 3074. The other Ports are not nedded for incoming connections.