UPnP - Multiple Xbox One Gaming Consoles & NAT

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

e38BimmerFN

Very Senior Member
Ya we found that in game chat isn't good so we always use xbox chat for all gaming.
 

e38BimmerFN

Very Senior Member
User WAN on the GT menu, I see this:
Enable NAT Yes No

What does this do and what would happen if I disable it? o_O
 

e38BimmerFN

Very Senior Member
Why I'm asking about it before I attempt that. LOL

Have you tried that script yet?

Disable it and test with two Xbox One game consoles playing BO3 :)
 

BiggShooter

Regular Contributor
User WAN on the GT menu, I see this:
Enable NAT Yes No

What does this do and what would happen if I disable it? o_O
Disable it and test with two Xbox One game consoles playing BO3 :)
Why I'm asking about it before I attempt that. LOL

Have you tried that script yet?
I haven't tried the script yet.....as I don't know where I need to enter the script. Still waiting for some direction on that.
 

e38BimmerFN

Very Senior Member
Can you give step by step instructions on how to do this would be great.

You guys are starting to give me a headache with those multiple posts over four separate threads about NAT types...

Try the following script (can be set as a nat-start script, or manually run):

Code:
#!/bin/sh
iptables -t nat -D POSTROUTING ! -s $(nvram get wan0_ipaddr) -o $(nvram get wan0_ifname) -j MASQUERADE
iptables -t nat -I POSTROUTING -o $(nvram get wan0_ifname) -j SNAT --to-source $(nvram get wan0_ipaddr)
The PREROUTING DNAT rules are already configured by UPNP. What this does is change the POSTROUTING MASQUERADE into an SNAT.

No guarantee it will solve your problems (because there's no guarantee this IS the source of your problem).

BTW, Moderate NAT is not the end of the world. What is problematic is if you get a Strict NAT.
 

RMerlin

Asuswrt-Merlin dev
Can you give step by step instructions on how to do this would be great.
Just run the two iptables commands if you don't know how to set it up as a nat-start script (there's already plenty of documentation out there on how to configure a custom user script, so I don't really feel like repeating them again, sorry.)
 

e38BimmerFN

Very Senior Member
There any links you can provide? For those of us whom haven't done this before, I presume there is a place we can go to get this info?
What kind of tools are needed? WinSCP? FTP? These are kind of things we need to know.

I see this in your wiki however nothing for new users mentioning and what one needs and where to exactly start to input these scripts in to your FW>
https://github.com/RMerl/asuswrt-merlin/wiki/User-scripts

Would be nice to have something for some beginners or new users to your FW when one would like to test and try scripts with using your FW.

Thank you for your time.

Just run the two iptables commands if you don't know how to set it up as a nat-start script (there's already plenty of documentation out there on how to configure a custom user script, so I don't really feel like repeating them again, sorry.)
 
Last edited:

e38BimmerFN

Very Senior Member
Lets try this:
https://airvpn.org/topic/11264-asus-merlin-wrt-port-forwarding-script-setup/
and this is needed as well: SSH and TELNET
https://github.com/RMerl/asuswrt-merlin/wiki/WOL-Script-Wake-Up-Your-Webserver-On-Internet-Traffic

Then review what Vexira is doing and probably need to work with him on this to make sure your script is correctly configured:
https://www.snbforums.com/threads/u...gaming-consoles-nat.35324/page-14#post-340088

Disable it and test with two Xbox One game consoles playing BO3 :)

I haven't tried the script yet.....as I don't know where I need to enter the script. Still waiting for some direction on that.
 
Last edited:

e38BimmerFN

Very Senior Member
I came up with this last couple of days. Not trying to take away from this thread however I felt we needed a more central place where users can see what testing has been done and what it takes to get OPEN NAT across the board:
Lets review this please:
>Gaming with Full Cone vs Symmetric NAT Routers
 

Vexira

Part of the Furniture
Just run the two iptables commands if you don't know how to set it up as a nat-start script (there's already plenty of documentation out there on how to configure a custom user script, so I don't really feel like repeating them again, sorry.)
i tested both ways not sure if it was working, proppely, im under the impression from my xbox that we are using, cone nat already not symetric sine xbox network test said so, sadly im not sure how to validate exatly, also im not sure if it was right to reboot the router after applying my attemt at the script or after entering the variabes directly into ip tables.
 

Vexira

Part of the Furniture
if
Can you give step by step instructions on how to do this would be great.
if i get a working script, but to do the ip tables channge is easy as pi, just downloat putty or kitty put your routers ip into the feild, username and password are your login details to the router copy paste the commands in to the command line.
viola it should work, dont for get to turn ssh on for lan only under admin tab then system.
if you need help pm me and i can team viewer you should you so desire also pm me if you want me to invite you to xbox preview program.
 
Last edited:

RMerlin

Asuswrt-Merlin dev
i tested both ways not sure if it was working, proppely, im under the impression from my xbox that we are using, cone nat already not symetric sine xbox network test said so, sadly im not sure how to validate exatly, also im not sure if it was right to reboot the router after applying my attemt at the script or after entering the variabes directly into ip tables.
Rebooting the router after running the iptables commands will revert the change. Running the commands applies it to the currently running setup.
 

Vexira

Part of the Furniture
Rebooting the router after running the iptables commands will revert the change. Running the commands applies it to the currently running setup.
oh whops thnx i manged to get the log to register a nat-start script but the silly thing didnt quote the name i gave it, must of boo booed that lol. Aslo is the router running cone or symetric xbox one said its cone.
 

RMerlin

Asuswrt-Merlin dev
Aslo is the router running cone or symetric xbox one said its cone.
I don't know what NAT type the router is using.
 

Vexira

Part of the Furniture
I don't know what NAT type the router is using.
is there a command for symetric, nat just incase i dont mind burning the time to test it and give feed back, since it might help some one i guess.
 

RMerlin

Asuswrt-Merlin dev
is there a command for symetric, nat just incase i dont mind burning the time to test it and give feed back, since it might help some one i guess.
I don't know what commands will give you a "symetric NAT", not more than I know what give you a "full cone NAT". There's no clear "here is an iptables-based implementation for NAT mode xxx" on the web. Those routers that claim full cone NAT support (like the Qualcomm-based Netgear R7800) implement it through a special, closed source kernel module. Which leads me to believe that it's not something someone can implement with just two or three iptables rules, otherwise it wouldn't require some proprietary kernel module code.

The iptables rules I provided simply change the way netfilter modifies the packet to change its source IP. I provided them so people could experiment to see if it made any difference with those blackbox NAT tests done by games/consoles. The main benefit of SNAT is slightly lower overhead, Its limitation is it doesn't work with dynamic IPs such as dialups (since the iptables rule must provide the IP to NAT).
 

Vexira

Part of the Furniture
I don't know what commands will give you a "symetric NAT", not more than I know what give you a "full cone NAT". There's no clear "here is an iptables-based implementation for NAT mode xxx" on the web. Those routers that claim full cone NAT support (like the Qualcomm-based Netgear R7800) implement it through a special, closed source kernel module. Which leads me to believe that it's not something someone can implement with just two or three iptables rules, otherwise it wouldn't require some proprietary kernel module code.

The iptables rules I provided simply change the way netfilter modifies the packet to change its source IP. I provided them so people could experiment to see if it made any difference with those blackbox NAT tests done by games/consoles. The main benefit of SNAT is slightly lower overhead, Its limitation is it doesn't work with dynamic IPs such as dialups (since the iptables rule must provide the IP to NAT).
so I guess it wouldn't work for me cause every time the router reboots my ip changes, but if use in script for it would re apply the changes per boot, I'm inclined to agree with you on this, from what I tried it appears there is no change in the nat handling, from the ip tables rules, I'm half tempted to message asus again, to see if I cant talk to the engineers again,they might know whats going on with the units, the thing is I'm confused I have a suspicion that the router is not using symmetric but a form of cone nat, atleat that's what the xbox seems to say.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top