In reply to a post by PokeyOaks:

There appears to have been some misunderstanding. I am referring to incoming traffic!! I'm not *that* dim!

And how are you testing this?

This makes no sense. NAT is not a many to many relationship. Are you saying that if you just opened up a web server on any computer that it would be accessible from the internet? How would your router know how to NAT this to the correct device?

This sounds like something specific to your XBOX - maybe "open NAT" simply means that you are behind NAT but is is open on the outbound, as per what people here are thinking.

There's quite a few home routers that once you open a port outbound to access something will allow traffic inbound on the same port.
This may or may not be what is going on here.

Thanks
Dan

In reply to a post by danielhyde:

There's quite a few home routers that once you open a port outbound to access something will allow traffic inbound on the same port. This may or may not be what is going on here.

On a default setup of all home routers, you don't "open a port" outbound, you just connect, otherwise VoIP, email, HTTP/HTTPS would all fail. The NAT engine watches the traffic from your machine, creates a state table, and retransmits the packet with the public IP. When the reply comes back to the ephemeral high port, the NAT engine rewrites it to the internal device.

The problem is unsolicited inbound that doesn't match an outbound, that is where the NAT has no idea where to send to. At that point the terms "open a port" normally mean "map a port to an IP" so you can tell the NAT that unsoliciated inbound on port xxxx is forwarded to internal IP xxxxx.

So I'm confused at a network level as to what "open a port" actually means, if it is not gamer slang for port forwarding???

Yeah I know that, I was using terminology that the OP would understand.
I've experienced first hand when using SIP phones on some home routers that once it has connected outbound you can connect inbound and call the phone directly.
This is caused by the router allowing traffic back through the NAT state created by the outbound connection.

Thanks
Dan

We’re all saying the same thing in a roundabout way - the router of course allows solicited inbound traffic, based on a device on the internal network making some request or opening some sort of tunnel.

There is no way a consumer NAT router is going to allow unsolicited inbound traffic / by default.

The OP has yet to provide any evidence or data to support his claim/concern that that is happening (over and above from the loose description(s) his games boxes are giving him).

Hence why I think this is all illusory rather than real.