UPnP - Multiple Xbox One Gaming Consoles & NAT

strangeluck

Regular Contributor
It might interest some of you to know that the latest Xbox Insider preview build contains new network features and improvements to address this issue. There's discussion about it on reddit started by one of the Xbox engineers whom I quote below: https://www.reddit.com/r/xboxone/comments/6si38n/psa_some_small_but_interesting_networking_changes/

Alternate multiplayer port selection: Under Network settings, Advanced settings there's a new button labeled Alternate port selection. For home networks where UPnP is problematic or unavailable and where multiple Xbox consoles are present, customers can now select an alternate port for multiplayer and chat to use. The default port for Xbox multiplayer and chat is UDP 3074, and when working around NAT issues you can set up either port forwarding or port triggering for this port & protocol to open up the NAT type for a single console. However, this option is only available to one console at a time if all consoles are using UDP 3074. With this new option, you can select a different UDP port from a drop-down menu for each console so that you can set up port forwarding rules for each console on your home network. When the console binds to the new port, it will also attempt to port map via UPnP on this new port in case the UPnP issues with the home router are intermittent.
 

e38BimmerFN

Very Senior Member
Are these masquerade rules something users can use on Merlin FW? Or something that could be built into the FW?
Just curious here. I know that for the GT-5300, users are SOL for 3rd party FW currently.

On the miniupnp forums some guys fixed multiple console support with masquerade rules, same way you did in 380.66
 

e38BimmerFN

Very Senior Member
Wow, this will be interesting to see how things go for multiple consoles. I wonder if it will also help with the same game being played too....

Might be light at the end of the tunnel here...:eek:

 

Vexira

Part of the Furniture
Like I said, it requires editing iptables and miniupnp, though I am perplexed since my Xbox seems to think that I'm behind a full cone NAT. I want to clarify with Merlin as to which NAT it uses exactly; my guess is symmetric, but for all I know it's full cone. It would be nice to have a choice between them or have some sort of dynamic switch for it.
 

e38BimmerFN

Very Senior Member
Ah, OK. Yes, it would be nice to know which NAT type the FW is actually using. All I know is that for those routers with FULL CONE NAT, just using QoS and UPnP, two game consoles with the same game running both get OPEN NAT in the game. If it's symmetric NAT, the 2nd console in game only gets Moderate.

It will be interesting to see this new feature that MS seems to be talking about though. Will see. I guess someone from MS was paying attention to all the issues surrounding multiple game consoles. Finally. We need to find out if this helps in-game NAT too if the same game is played.

 

Vexira

Part of the Furniture
Would be nice if there was a hybrid version of it, or we had a toggle switch allowing a NAT type change, but I thought multiple console support was fixed already in 380.66, which leads me to believe that symmetric NAT can support multiple consoles but it needs to be tweaked.
 

e38BimmerFN

Very Senior Member
Yes, got this from a different forum. It was explained that Full Cone is more accepting of multiple game consoles while Symmetric isn't.

I'm starting to compile a new thread on a different forum about these two NAT types and what's happening with more than a single game console. Also starting a list of current known tested routers that seem to have full cone NAT and work with two or more consoles with the same game running.

Hoping that maybe this new MS development may put all of this to rest. Finally. Maybe. We'll see.

I'll link to this forum when I get the post completed.

 

e38BimmerFN

Very Senior Member
Yes, very much agreed. One thing I've asked at another router Mfr. Their older routers had this kind of feature. We didn't know what it really was back then until someone explained the feature to me recently and it holds true, most of their older generation routers I tested work with this feature enabled. They removed this feature later on and all of their new generation routers don't have this selection and only support Symmetric NAT and, in testing, they fail to support two or more consoles with the same game for OPEN NAT. One is always Moderate NAT. :oops:

 

Vexira

Part of the Furniture
I think that a NAT type toggle switch would be the best option, so the router might default to symmetric, but you could go to tools and switch to full cone, and vice versa. Maybe if we ask Merlin nicely enough he might consider it. The ability to switch between them would eliminate any problems that full cone might have, because we could switch back.
 

Vexira

Part of the Furniture
I believe that symmetric NAT is broken and needs to be fixed or upgraded to support multiple consoles. If you read the link I posted, it says what the issue with symmetric NAT is; here, I'll quote it:


"The first part in understanding why this is an issue is to realise that PCs, Xboxes, PS3s and their associated games and applications DON’T know that they are being NATed. As far as your Xbox is concerned its IP address is 192.168.0.1. Any devices that communicate with it on the Internet however use the public IP address of your router of say 5.45.4.21. NAT takes care of translating the IP addresses from the public IP to the internal IP when needed. So why is this a problem you ask? Well with any connection attempt the destination IP address and port must be known. In all the examples above you will see that the website IP address was known as well as the port, these are fixed and never change. Some programs however use a range of dynamic ports. When hosting computer games your console will choose a random port to host the game on. Because other consoles don’t know your IP address or port they must learn it somehow before connecting. Your console sends its IP address and port for the hosted game to Xbox Live or the PS3 network where other parties retrieve it and can now connect to you directly. The problem is that it sends its internal IP address of 192.168.0.1 and port of say 54324 rather than the NATed public ones. What it should send is (for example) the public IP address of 5.45.4.21 and port 54324. When using a symmetric NAT the port is also changed so it must send the NATed port of say 54254 rather than the internal port of the console itself (54324). This has been a problem with NAT long before gaming came along. So how does the console learn that it is behind a NAT and tell other consoles to send data to the NATed IP address and port rather than its own internal IP address and port?"

http://www.think-like-a-computer.com/2011/09/19/symmetric-nat/
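
To make the quoted explanation concrete, here is a toy model of the NAT behaviours discussed in this thread, added as an illustration and not taken from any post or from router firmware. It goes slightly beyond the quote by also modelling full cone and port-restricted NAT. The console, server and peer addresses are constructed; the public address and the 54254 port reuse the quote's sample values.

```python
from itertools import count

class Nat:
    """Toy UDP NAT: kind is 'full_cone', 'port_restricted' or 'symmetric'."""

    def __init__(self, kind, public_ip="5.45.4.21"):
        self.kind, self.public_ip = kind, public_ip
        self.maps = {}               # mapping key -> external port
        self.ports = {}              # external port -> (internal endpoint, remotes contacted)
        self._next = count(54254)    # pool used when the source port cannot be kept

    def outbound(self, src, dst):
        """Console src=(ip, port) sends to dst; return the public endpoint dst sees."""
        # A symmetric NAT keys the mapping on the destination too, so every new
        # destination gets a new external port. Cone NATs key on the source only.
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.maps:
            port = src[1]
            if self.kind == "symmetric" or port in self.ports:
                port = next(p for p in self._next if p not in self.ports)
            self.maps[key] = port
            self.ports[port] = (src, set())
        port = self.maps[key]
        self.ports[port][1].add(dst)
        return (self.public_ip, port)

    def inbound(self, remote, ext_port):
        """Packet from remote to public_ip:ext_port; return internal endpoint or None."""
        internal, contacted = self.ports.get(ext_port, (None, set()))
        if internal and (self.kind == "full_cone" or remote in contacted):
            return internal
        return None

def demo():
    """Two consoles, both bound to UDP 3074, behind each NAT kind (constructed hosts)."""
    server, peer = ("198.51.100.7", 3074), ("203.0.113.9", 3074)
    results = {}
    for kind in ("full_cone", "port_restricted", "symmetric"):
        nat = Nat(kind)
        a = nat.outbound(("192.168.0.10", 3074), server)
        b = nat.outbound(("192.168.0.11", 3074), server)
        # Can a player the console never contacted reach the port the server saw?
        results[kind] = (a[1], b[1], nat.inbound(peer, a[1]))
    return results

if __name__ == "__main__":
    for kind, row in demo().items():
        print(kind, row)
```

Each row is (external port of console A, external port of console B, where an uncontacted peer's packet to A's port ends up). Only the full cone case delivers it, which is also why that mode accepts unsolicited traffic from any host on a mapped port.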
 

e38BimmerFN

Very Senior Member
Would be nice to have this feature. On the end gamer user side, it would be very beneficial to have this. Especially for a household with two or more game consoles/PCs.
Someone said that Symmetric was more secure so I presume that some security would be a factor in one's development. However, one could put in a note that users could agree to when using a less secure NAT type. To me though, why not make it easy for gamers to use their HW and game well. It's been so frustrating when trying to set up two or more consoles and trying different configurations, testing and waiting for consoles to power up and load games. Trust me, I've spent hours testing routers and game consoles for this very issue in the past two months. I am getting kinda tired of all the testing. I've gained more experience and know what to look for now and understand the problems with the consoles, routers and games now. Would be nice if all Mfrs would allow this for their gaming community. It only benefits everyone. I hate having to swap out one router for another because it won't support multiple gaming consoles. And not everyone has a backup router LOL. I have a few, LOL. Many. LOL


 

e38BimmerFN

Very Senior Member
I agree. Whom would we make more aware of this to see if it can't be fixed?
Who owns this NAT Type code?
Found this recent article:
https://www.codeproject.com/Articles/1199384/NAT-traversal-for-Software-Developers?

MIT License?

Here is the RFC:
https://tools.ietf.org/html/draft-takeda-symmetric-nat-traversal-00


Vexira

Part of the Furniture
lol I think I realised how to mod ip tables

How to configure "full cone" NAT using iptables
Problem: A Linux-based machine with two network interfaces can be used as a router. In order to support peer-to-peer applications, it's desirable to support "full cone" Network Address Translation. Most Linux-based routers operate as "port restricted NAT", which is less flexible.

Explanation:
With full cone NAT, once the router has sent a packet from an external IP address / port combination, incoming packets addressed to that address and port from any source address and port will be forwarded to the local source of the initial packet. It is defined by RFC3489 as follows:

Full Cone: A full cone NAT is one where all requests from the same internal IP address and port are mapped to the same external IP address and port. Furthermore, any external host can send a packet to the internal host, by sending a packet to the mapped external address.
Solution:
On the netfilter mailing list, Pedro Gonçalves suggested the following: Using iptables, I set all policies to "ACCEPT" and I was able to set up two kinds of NAT
(192.168.2.170 is my "public" address and 10.0.0.1 is my "private" address):

- "Full Cone NAT", with the following rules:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170
iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 10.0.0.1


- "Port Restricted Cone NAT", with just a single rule:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170

So I change the source to my public IP and the destination to my router's IP.
I just need to work out the rest of it

https://serverfault.com/questions/8...-iptables-and-test-with-raknet-detection-type
 

Vexira

Part of the Furniture
Sooo I went and tested it. All I can say is, it feels like I'm missing something; there have to be more rules to switch NAT types. I seem to have had an issue about what IPs to assign; the issue is to do with my public IP: it's dynamic and keeps changing, so SNAT can't get the IP required.
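
For the per-console port forwarding the Xbox engineer describes and the dynamic public IP problem in the post above, a narrower alternative to the blanket PREROUTING DNAT rule (which hands every inbound packet on eth0, on every port, to one host) is one UDP forward per console plus MASQUERADE. This is an added example, not code from the posts or from Merlin firmware; the function name, LAN addresses and port 50001 are assumptions, and it only builds the commands so they can be reviewed before use.

```python
import ipaddress
import re

def console_rules(wan_if, consoles):
    """Build iptables commands: one UDP forward per console, then MASQUERADE.

    consoles is a list of (lan_ip, udp_port) pairs; all values are assumptions.
    """
    # Reject anything that is not a plain interface name before it reaches a shell.
    if not re.fullmatch(r"[A-Za-z0-9_.-]{1,15}", wan_if):
        raise ValueError(f"bad interface name: {wan_if!r}")
    owner, rules = {}, []
    for lan_ip, port in consoles:
        ip = ipaddress.ip_address(lan_ip)      # ValueError on malformed input
        if ip.version != 4 or not ip.is_private:
            raise ValueError(f"{lan_ip} is not a private IPv4 LAN address")
        if not (isinstance(port, int) and 1 <= port <= 65535):
            raise ValueError(f"invalid UDP port: {port!r}")
        if port in owner:
            # One external UDP port can be forwarded to one console only,
            # which is why two consoles cannot both rely on a 3074 forward.
            raise ValueError(f"UDP {port} is already forwarded to {owner[port]}")
        owner[port] = lan_ip
        rules.append(f"iptables -t nat -A PREROUTING -i {wan_if} -p udp "
                     f"--dport {port} -j DNAT --to-destination {ip}:{port}")
    # MASQUERADE uses whatever address the WAN interface has when the packet
    # leaves, so a changing public IP does not need a fixed --to-source value.
    rules.append(f"iptables -t nat -A POSTROUTING -o {wan_if} -j MASQUERADE")
    return rules

if __name__ == "__main__":
    # Constructed sample: two consoles, the second on an alternate port.
    for rule in console_rules("eth0", [("10.0.0.2", 3074), ("10.0.0.3", 50001)]):
        print(rule)
```

Only the listed UDP ports become reachable from outside, so the rest of each console's ports and the router itself stay behind the normal stateful NAT.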
 

e38BimmerFN

Very Senior Member
Maybe; however, who actually owns the NAT source code? I presume UPnP works with the NAT; however, who actually owns the code and could review this and maybe get SNAT working better? Or not.

 

e38BimmerFN

Very Senior Member
Awesome, keep us posted on your results. Maybe if you come up with a good step-by-step process for Merlin, maybe some others can help you test it out. BiggShooter?

 
