IPv6 RD DNS Issue and NAT UPNP Issue

[ColinTaylor]

No source field at all.

Ah OK. I'm using an older firmware so they probably removed that column as it was pointless as it only ever contained "ALL".

You should be able to check it from the routers command line:

# iptables -t nat -L -v
:
:
:
Chain VSERVER (1 references)
 pkts bytes target     prot opt in     out     source               destination
 904K   32M VUPNP      all  --  any    any     anywhere             anywhere

Chain VUPNP (1 references)
 pkts bytes target     prot opt in     out     source               destination
   13  1196 DNAT       udp  --  any    any     anywhere             anywhere            udp dpt:9308 to:192.168.1.156:9308
 3750  200K DNAT       tcp  --  any    any     anywhere             anywhere            tcp dpt:6881 to:192.168.1.55:6881

 

[William Earl]

Ah OK. I'm using an older firmware so they probably removed that column as it was pointless as it only ever contained "ALL".
View attachment 7157

You should be able to check it from the routers command line:

# iptables -t nat -L -v
:
:
:
Chain VSERVER (1 references)
pkts bytes target     prot opt in     out     source               destination
904K   32M VUPNP      all  --  any    any     anywhere             anywhere

Chain VUPNP (1 references)
pkts bytes target     prot opt in     out     source               destination
   13  1196 DNAT       udp  --  any    any     anywhere             anywhere            udp dpt:9308 to:192.168.1.156:9308
3750  200K DNAT       tcp  --  any    any     anywhere             anywhere            tcp dpt:6881 to:192.168.1.55:6881

The apps with the issues are on PC but UPNP tests fine. but can't get a open nat. Also if I plug in my RT-N56U running Padavan I get open nat in all games with nat set as open cone.

ASUSWRT-Merlin RT-N66U 380.61-0 Fri Aug  5 01:18:03 UTC 2016
admin@RT-N66U-C3A8:/tmp/home/root# iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 58 packets, 3370 bytes)
pkts bytes target     prot opt in     out     source               destination             
   10   464 VSERVER    all  --  any    any     anywhere             174-27-24-12             0.bois.qwest.net
    0     0 VSERVER    all  --  any    any     anywhere             169.254.56.1             31

Chain POSTROUTING (policy ACCEPT 32 packets, 2709 bytes)
pkts bytes target     prot opt in     out     source               destination             
   13   770 MASQUERADE  all  --  any    ppp0   !174-27-24-120.bois.qwest.net  an             ywhere
    0     0 MASQUERADE  all  --  any    eth0   !169.254.56.131       anywhere               
    3   180 MASQUERADE  all  --  any    br0     192.168.1.0/24       192.168.1.0             /24

Chain OUTPUT (policy ACCEPT 29 packets, 2613 bytes)
pkts bytes target     prot opt in     out     source               destination             

Chain DNSFILTER (0 references)
pkts bytes target     prot opt in     out     source               destination             

Chain LOCALSRV (0 references)
pkts bytes target     prot opt in     out     source               destination             

Chain PCREDIRECT (0 references)
pkts bytes target     prot opt in     out     source               destination             

Chain PUPNP (0 references)
pkts bytes target     prot opt in     out     source               destination             

Chain VSERVER (2 references)
pkts bytes target     prot opt in     out     source               destination             
   10   464 VUPNP      all  --  any    any     anywhere             anywhere               

Chain VUPNP (1 references)
pkts bytes target     prot opt in     out     source               destination             
    0     0 DNAT       udp  --  any    any     anywhere             anywhere                         udp dpt:62929 to:192.168.1.113:62929
    0     0 DNAT       udp  --  any    any     anywhere             anywhere                         udp dpt:54348 to:192.168.1.190:54348
    6   276 DNAT       udp  --  any    any     anywhere             anywhere                         udp dpt:5628 to:192.168.1.190:5628
    0     0 DNAT       tcp  --  any    any     anywhere             anywhere                         tcp dpt:5628 to:192.168.1.190:5628

 

[john9527]

it's easier to see what's set (at least for me) if you do

iptables-save -t nat

 

[ColinTaylor]

Well that looks exactly the same as mine so I'd call that full-cone NAT. To be honest I would expect to see games refer to this setup as "moderate" NAT which is perfectly acceptable as far as I am concerned. The only way you'd get "open" NAT is if you were to create manual port forwarding rules for every port that you require (and configure Windows Firewall), or if you put the PC in the DMZ.

Unfortunately, the term "open" NAT is interpreted differently by different people (including games developers) which just adds to the confusion.

 

[William Earl]

Well that looks exactly the same as mine so I'd call that full-cone NAT. To be honest I would expect to see games refer to this setup as "moderate" NAT which is perfectly acceptable as far as I am concerned. The only way you'd get "open" NAT is if you were to create manual port forwarding rules for every port that you require (and configure Windows Firewall), or if you put the PC in the DMZ.

Unfortunately, the term "open" NAT is interpreted differently by different people (including games developers) which just adds to the confusion.

Makes me wonder what is different in Padavan's full cone nat compared to merlins. I also did a port forward with the ports for GTA and it still came back as moderate.

 

[PabloAbonia]

Makes me wonder what is different in Padavan's full cone nat compared to merlins. I also did a port forward with the ports for GTA and it still came back as moderate.

Open nat seems to depend upon properly configured IPv6. The Xbox one does not seem to care for dhcpv6 as it changes it's duid all the time. I can't play with 6rd, and I'm little surprised that it will not allow stateful addressing.

Regardless, dnsmasq has had a problem with setting the DNS address in the past. Only the number OR the name option works for it, but I can not remember which it is.

You can use one of Merlins postconf scripts, dnsmasq.postconf, to change that setting, and figure out which one works.

Pablo

 

[William Earl]

Open nat seems to depend upon properly configured IPv6. The Xbox one does not seem to care for dhcpv6 as it changes it's duid all the time. I can't play with 6rd, and I'm little surprised that it will not allow stateful addressing.

Regardless, dnsmasq has had a problem with setting the DNS address in the past. Only the number OR the name option works for it, but I can not remember which it is.

You can use one of Merlins postconf scripts, dnsmasq.postconf, to change that setting, and figure out which one works.

Pablo

Both routers have the same IPv6 setup. I even disabling IPV6 does not help.

 

[el pescador]

Never had open nat on merlin or asus on ip4.

 

[Vexira]

I thought the router was running symmetric nat, it would explain the console issues