UPnP - Multiple Xbox One Gaming Consoles & NAT

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

e38BimmerFN

Very Senior Member
Don't forget, the R7800 is a FULL CONE NAT router.

ah awesome, did you set nat filtering to open or is it on secured?,
 

e38BimmerFN

Very Senior Member
Don't forget, the R7800 is a FULL CONE NAT router. I bet you would see differences in gaming experiences with an Asus or something that isn't FULL CONE NAT. :eek:

I always get Open NAT with secured checked.
 

e38BimmerFN

Very Senior Member
uPnP also played a role in this as well. If it's not handling ports correctly, this will effect NAT status. Especially on two or more consoles.
MS mentioned that there is some improvements coming:
"Some under-the-hood UPnP improvements: We've been improving and optimizing the UPnP port mapping process, and this release contains some further enhancements to make the port mapping process even more resilient and streamlined."
 

RMerlin

Asuswrt-Merlin dev
that's only one factor of the over all issue, the other factor is poor upnp support in isp routers which a lot of people have
What do you mean by "poor upnp support"? UPnP has been supported in every ISP routers I have worked with around here.

Also is there any benefit to setting upnp external port to 1024 over the default of 1?
Security. Ports below 1024 in the *IX world are referred to as "privileged ports", and are handled differently by the OS. For instance, only a root user is able to bind to a port below 1024. So it's usually good practice not to allow binding of these ports, especially if someone were to run the upnp daemon with reduced privileges.
 

e38BimmerFN

Very Senior Member
I believe that he may mean that the uPnP implementation and code with in routers are a factor. I've been told currently, there is issues with uPnP and MS is looking at it. All I can say about it.
 

RMerlin

Asuswrt-Merlin dev
this release contains some further enhancements to make the port mapping process even more resilient and streamlined."
Let's hope they finally realized that if you request a time-limited mapping, it's your responsibility to refresh that mapping after coming out of standby/low power mode.
 

e38BimmerFN

Very Senior Member
I'm hoping. I hoping they will be looking at this thread and the badmodem thread as well. Is all there, just hoping MS and maybe Sony will help correct the behaviors....Maybe they can correct the behaviors seen with uPnP and Symmtetric NAT and all this will be history. We'll see I guess.
 

sfx2000

Part of the Furniture
What do you mean by "poor upnp support"? UPnP has been supported in every ISP routers I have worked with around here.
I would call it more along the lines of broken clients -

most routers do uPNP/NAT-PMP fairly well these days -

but the consoles are inconsistent at best - and I would put part of the blame also on the application vendors making some assumptions that are not fully correct.
 

Vexira

Part of the Furniture
What do you mean by "poor upnp support"? UPnP has been supported in every ISP routers I have worked with around here.



Security. Ports below 1024 in the *IX world are referred to as "privileged ports", and are handled differently by the OS. For instance, only a root user is able to bind to a port below 1024. So it's usually good practice not to allow binding of these ports, especially if someone were to run the upnp daemon with reduced privileges.
I've encountered ISP routers where upnp did not work, either that or it was disabled or set to some extremely secure mode, I had to manually port forward, I live in Australia ip's here give El cheap garbage modems and routers I help a few people manually port forward cause of it. Also two friends in New Zealand had issues with their ISP units
 

Vexira

Part of the Furniture
@RMerlin, may I as why does the external port allowed at one by asus rather than set to 1024. Is that an issue as well I looked at what some one said that miniupnp spec has 1024 as default for both internal and external ports.
 
Last edited:

FreshJR

Very Senior Member
One last clarification. Microsofts NAT naming was different from my initial understanding.

DMZ - open or NAT1
Port Forward (Manual) - open or NAT2
Port Forward (Automatic) - open or NAT2
Full Cone - open or NAT2 for 99% of time (moderate - NAT3 before initial connection)
Restricted Cone - moderate or NAT3
Port Restricted Cone - moderate or NAT3
Symetric Nat - strict or NAT3

Correct me if I am wrong.
 
Last edited:

Vexira

Part of the Furniture
One last clarification. Microsofts NAT naming was different from my initial understanding.

DMZ - open or NAT1
Port Forward (Manual) - open or NAT2
Port Forward (Automatic) - open or NAT2
Full Cone - open or NAT2 for 99% of time (moderate - NAT3 before initial connection)
Restricted Cone - moderate or NAT3
Port Restricted Cone - moderate or NAT3
Symetric Nat - restricted or NAT3

Correct me if I am wrong.
Open Nat (type one) -dmz, port forwarding or upnp

Moderate nat(type 2)- port conflict, port translation issues, upnp not forwarding requested port, external port does not match internal port.

Closed- haven't seen this one before but it exists.

Strict(type 3) -port is blocked and upnp is disabled or not working.

Symmetric If I remember correctly is open on one client and moderate on the second.

Restricted and port restricted I'm sure is both strict nat, you missed address restricted.

Put it this way xbox needs open nat to work properly, even Microsoft says so that's why it's extremely important, at least now Microsoft is releasing an update to allow users to change the consoles port number, I wish Sony will follow in suit.

Heres something I found in Reddit
Open: XBL port or alternative port is open inbound and outbound.

Moderate: XBL port is open outbound, but not inbound.

Strict: XBL port is unusable and an alternative port is used. This alternative port is not open inbound

https://www.reddit.com/r/xboxone/co...rtsymmetric_nat_what/?st=j67ebjq5&sh=3babdef8
 
Last edited:

FreshJR

Very Senior Member
but PlayStation surely has different meanings.

NAT1 - open outbound/inbound without upnp
NAT2 - open outbound/inbound
NAT3 - open outbound closed inbound

If not then why the hell is my PlayStation on NAT2 with a successful upnp port forward.

Restricted and port restricted I'm sure is both strict nat, you missed address restricted.

...

Open: XBL port or alternative port is open inbound and outbound.

Moderate: XBL port is open outbound, but not inbound.

Strict: XBL port is unusable and an alternative port is used. This alternative port is not open inbound

https://www.reddit.com/r/xboxone/co...rtsymmetric_nat_what/?st=j67ebjq5&sh=3babdef8
Restricted cone = address restricted cone

Your two statements don't be seem completely correct. Restricted and port restricted should be moderate according to your second statement.
 
Last edited:

e38BimmerFN

Very Senior Member
From my testing on FULL CONE NAT routers, NAT 1 or OPEN NAT is seen on both one and two game consoles and even in game. At most I had three last year and all 3 there OPEN NAT in game using same game. Xbox Ones. I don't believe any of that would be NAT type 2.

Again, we are dealing with MS and Sony naming conventions so I presume we probably should keep them separate for time being.
http://www.playstationing.com/ps4/how-to-change-your-nat-type-on-ps4-and-ps3/839

One last clarification. Microsofts NAT naming was different from my initial understanding.

DMZ - open or NAT1
Port Forward (Manual) - open or NAT2
Port Forward (Automatic) - open or NAT2
Full Cone - open or NAT2 for 99% of time (moderate - NAT3 before initial connection)
Restricted Cone - moderate or NAT3
Port Restricted Cone - moderate or NAT3
Symetric Nat - strict or NAT3

Correct me if I am wrong.
 
Last edited:

FreshJR

Very Senior Member
We are dealing with MS and Sony naming conventions so I presume we probably should keep them separate for time being.
http://www.playstationing.com/ps4/how-to-change-your-nat-type-on-ps4-and-ps3/839
I did keep them separate. You can see that the naming diverges between the two companies under the following three combinations:

-port forwarding (Manual)
-port forwarding (Automatic/UPnP)
-Full Cone Nat

If my understanding is correct, I feel SONY naming is the most accurate to describe connectivity but just uses cryptic names.

I stand by that you need to have (MS)-OPEN or (SONY)-NAT1/2 for a proper experience.
Anything else needs adjusting.

To clarify the differences, the connectivity performance compared between Nat1/2 should be identical for all situations EXCEPT the situation where a game is attempting to use a port that the console did NOT request to open. During that situation, Full Cone NAT would perform best out of the remaining 4 NAT behaviors , but it is a bandaid fix. It is preferable to have a Restricted NAT for typical network situations instead of Full Cone.
 
Last edited:

e38BimmerFN

Very Senior Member
I agree, There needs to be better NAT conventions for all gaming. However I have heard that MS is trying to push IPv6 protocol which may or may not solve any of this, however may change what NAT does. We still don't know the full details. My ISP doesn't support IPv6 and will probably be the last to implement it.

From what i'm told, FULL NAT isn't as secure as Symmetric NAT so I presume this is one reason why some router mfrs changed around the 2010/2011 time frame I'm guestimating. Yes FULL CONE NAT seems to be more flexible and compatible with two or more consoles, however I guess from what information I'm getting, there is issues with uPnP handling of this kind of configuration as well with in Symmetric NAT code. I'm hoping the powers that be will find a solution in the current state of affairs. I presume once IPv6 becomes the norm then maybe all of this will just go away, or may bring other problems. Who knows.
 

Vexira

Part of the Furniture
but PlayStation surely has different meanings.

NAT1 - open outbound/inbound without upnp
NAT2 - open outbound/inbound
NAT3 - open outbound closed inbound

If not then why the hell is my PlayStation on NAT2 with a successful upnp port forward.



Restricted cone = address restricted cone

Your two statements don't be seem completely correct. Restricted and port restricted should be moderate according to your second statement.
possibly
 

Vexira

Part of the Furniture
I did keep them separate. You can see that the naming diverges between the two companies under the following three combinations:

-port forwarding (Manual)
-port forwarding (Automatic/UPnP)
-Full Cone Nat

If my understanding is correct, I feel SONY naming is the most accurate to describe connectivity but just uses cryptic names.

I stand by that you need to have (MS)-OPEN or (SONY)-NAT1/2 for a proper experience.
Anything else needs adjusting.

To clarify the differences, the connectivity performance compared between Nat1/2 should be identical for all situations EXCEPT the situation where a game is attempting to use a port that the console did NOT request to open. During that situation, Full Cone NAT would perform best out of the remaining 4 NAT behaviors , but it is a bandaid fix. It is preferable to have a Restricted NAT for typical network situations instead of Full Cone.
the issue with sony is for all we know type two could be open behind router or moderate, i personally prefer microsoft simple version its easier to explain to non tech people, from a security perspective symetric nat would be more ideal since no unsolicited ports are opened.

"A symmetric NAT has exceptional behavior on port allocation that might help NATtraversal. The symmetric NAT allocates a port as well as typical symmetric NATbehaviors but this symmetric NAT allocates the same port number as its local port number."
 
Last edited:

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top