The Xbox is using Tredo, a tunnel for IPv6 over IPv4 … A huge security problem and a lot of providers are not happy with it.
Unfortunately the Xbox help pages are not helpful at all. As @alzhao wrote, they write about forward totally not related ports (DNS, HTTP). This is not needed.
I wrote something, that can work, see Gl mt300 v2 nat problem xbox - #8 by LupusE. But no guarantee, if your provider is blocking Tredo.
[…]
As far as I know the Xbox is using IPv6 native. With the Tredo protocol it will tunneling IPv6 over IPv4, if no IPv6 is available. A very huge security issue, because you have no chance to configure/secure this tunnel, am attacker who claims to be Microsoft is able to use the Xbox as hopper to your network … In theory, this for another day. Back to topic:
The Xbox indeed needs some open ports. Put the Xbox in DMZ, as ‘Exposed Host’ or whatever you’ll call it could work. But I strongly recommend to forward only the needed ports.
Port forward:
88 UDP
3074 TCP/UDP
3544 UDP
[Alternate Port]* TCP/UDP
(* The ‘Alternate Port’ that depends on the user. Regular the Xbox will negotiate a Port itself and use it for Multiplayer or Chat and so on. But you can set it to a fixed port per user.
On the Xbox Settings: Network Settings - Advanced Settings - Alternate port selection. Here you can select one from a bunch of port numbers. It needs to be forwarded in TCP and UDP. One port per Xbox-User)
Upnp never worked for me, with different routers. Maybe one time during setup/testing, but never reliable.
[…]