That is, NO FORWARDING. Leave it stock in the router.

Now, on the router find the XBox's IP address on the LAN and put that into the DMZ entry. This way it's going to get all the traffic and look like it's on the Internet. If that fails there could be an ISP issue. There are ISPs that due to their architecture will NEVER give you more than a moderate NAT.

So with that out of the way I can write that here I've never had to do this on our XBox's. Since we never attempt to host a match. https://support.xbox.com/en-US/xbox-one/networking/nat-error-solution